Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-31779
WordPress Query Wrangler plugin <= 1.5.53 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Jonathan Daggerhart Query Wrangler allows Cross Site Request Forgery. This issue affects Query Wrangler: from n/a through 1.5.53.

CVSS: MEDIUM (5.4)

EPSS Score: 0.02%

Source: CVE
April 1st, 2025 (20 days ago)

CVE-2025-31778
WordPress Donate Me Plugin <= 1.2.5 - Stored Cross-Site Scripting vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in raphaelheide Donate Me allows Reflected XSS. This issue affects Donate Me: from n/a through 1.2.5.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 1st, 2025 (20 days ago)

CVE-2025-31777
WordPress Clockinator Lite plugin <= 1.0.7 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in BeastThemes Clockinator Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clockinator Lite: from n/a through 1.0.7.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
April 1st, 2025 (20 days ago)

CVE-2025-31776
WordPress Uptime Robot Plugin <= 2.3 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Aphotrax Uptime Robot Plugin for WordPress allows Cross Site Request Forgery. This issue affects Uptime Robot Plugin for WordPress: from n/a through 2.3.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
April 1st, 2025 (20 days ago)

CVE-2025-31775
WordPress Google SEO Pressor for Rich snippets Plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in smackcoders Google SEO Pressor Snippet allows Cross Site Request Forgery. This issue affects Google SEO Pressor Snippet: from n/a through 2.0.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
April 1st, 2025 (20 days ago)

CVE-2025-31774
WordPress Astra Security Suite plugin<= 0.2 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in WebProtect.ai Astra Security Suite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Astra Security Suite: from n/a through 0.2.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
April 1st, 2025 (20 days ago)

CVE-2025-31773
WordPress Ship Per Product plugin <= 2.1.0 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in cedcommerce Ship Per Product allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Ship Per Product: from n/a through 2.1.0.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE
April 1st, 2025 (20 days ago)

CVE-2025-31772
WordPress WP Modal Popup with Cookie Integration plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify WP Modal Popup with Cookie Integration allows Stored XSS. This issue affects WP Modal Popup with Cookie Integration: from n/a through 2.4.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE
April 1st, 2025 (20 days ago)

CVE-2025-31771
WordPress Team Members for Elementor Page Builder plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sultan Nasir Uddin Team Members for Elementor Page Builder allows Stored XSS. This issue affects Team Members for Elementor Page Builder: from n/a through 1.0.4.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 1st, 2025 (20 days ago)

CVE-2025-31770
WordPress Content Manager Light plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Content Manager Light allows Stored XSS. This issue affects Content Manager Light: from n/a through 3.2.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 1st, 2025 (20 days ago)