Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-27283	WordPress Theme File Duplicator Plugin <= 1.3 - Arbitrary File Download vulnerability Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in rockgod100 Theme File Duplicator allows Path Traversal. This issue affects Theme File Duplicator: from n/a through 1.3. CVSS: MEDIUM (6.5) Source: CVE April 17th, 2025 (about 6 hours ago)
CVE-2025-24737	WordPress WP Helper Premium plugin <= 4.6.1 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in Mat Bao Corporation WP Helper Premium allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Helper Premium: from n/a through 4.6.1. CVSS: MEDIUM (6.5) Source: CVE April 17th, 2025 (about 6 hours ago)
CVE-2025-24651	WordPress WebToffee WP Backup and Migration plugin <= 1.5.3 - Sensitive Data Exposure vulnerability Description: Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration allows Retrieve Embedded Sensitive Data. This issue affects WordPress Backup & Migration: from n/a through 1.5.3. CVSS: MEDIUM (5.9) Source: CVE April 17th, 2025 (about 6 hours ago)
CVE-2025-24583	WordPress 12 Step Meeting List plugin <= 3.16.5 - Settings Change vulnerability Description: Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 12 Step Meeting List: from n/a through 3.16.5. CVSS: MEDIUM (6.5) Source: CVE April 17th, 2025 (about 6 hours ago)
CVE-2025-24581	WordPress Instantio plugin <= 3.3.7 - Settings Change vulnerability Description: Missing Authorization vulnerability in Themefic Instantio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Instantio: from n/a through 3.3.7. CVSS: MEDIUM (6.5) Source: CVE April 17th, 2025 (about 6 hours ago)
CVE-2025-24577	WordPress Poll Maker plugin <= 5.5.0 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in Ays Pro Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through 5.5.0. CVSS: MEDIUM (6.5) Source: CVE April 17th, 2025 (about 6 hours ago)
CVE-2025-24550	WordPress Job Manager plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JobScore Job Manager allows Stored XSS. This issue affects Job Manager: from n/a through 2.2. CVSS: MEDIUM (6.5) Source: CVE April 17th, 2025 (about 6 hours ago)
CVE-2025-23958	WordPress Editor Wysiwyg Background Color plugin <= 1.0 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in FADI MED Editor Wysiwyg Background Color allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Editor Wysiwyg Background Color: from n/a through 1.0. CVSS: MEDIUM (6.5) Source: CVE April 17th, 2025 (about 6 hours ago)
CVE-2025-23906	WordPress WordPress Dashboard Tweeter plugin <= 1.3.2 - Settings Change vulnerability Description: Missing Authorization vulnerability in wpseek WordPress Dashboard Tweeter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Dashboard Tweeter: from n/a through 1.3.2. CVSS: MEDIUM (6.5) Source: CVE April 17th, 2025 (about 6 hours ago)
CVE-2025-23773	WordPress Delete All Posts plugin <= 1.1.1 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in mingocommerce Delete All Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Delete All Posts: from n/a through 1.1.1. CVSS: MEDIUM (6.5) Source: CVE April 17th, 2025 (about 6 hours ago)