Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-31733 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boot Div WP Sitemap allows Stored XSS. This issue affects WP Sitemap: from n/a through 1.0.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 1st, 2025 (20 days ago)
|
|
CVE-2025-31732 |
Description: Missing Authorization vulnerability in gb-plugins GB Gallery Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GB Gallery Slideshow: from n/a through 1.3.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
April 1st, 2025 (20 days ago)
|
|
CVE-2025-31731 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Philip John Author Bio Shortcode allows Stored XSS. This issue affects Author Bio Shortcode: from n/a through 2.5.3.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 1st, 2025 (20 days ago)
|
|
CVE-2025-31730 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DigitalCourt Marketer Addons allows Stored XSS. This issue affects Marketer Addons: from n/a through 1.0.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 1st, 2025 (20 days ago)
|
|
CVE-2025-31408 |
Description: Missing Authorization vulnerability in Zoho Flow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho Flow: from n/a through 2.13.3.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
April 1st, 2025 (20 days ago)
|
|
CVE-2025-2906 |
Description: The Contempo Real Estate Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
April 1st, 2025 (20 days ago)
|
|
CVE-2025-1512 |
Description: The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Cursor Extension in all versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
April 1st, 2025 (21 days ago)
|
|
CVE-2025-1267 |
Description: The Groundhogg plugin for Wordpress is vulnerable to Stored Cross-Site Scripting via the ‘label' parameter in versions up to, and including, 3.7.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVSS: MEDIUM (5.5) EPSS Score: 0.04%
April 1st, 2025 (21 days ago)
|
|
CVE-2024-12189 |
Description: The WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom widgets in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
April 1st, 2025 (21 days ago)
|
|
CVE-2025-31409 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Bridge Core allows Stored XSS. This issue affects Bridge Core: from n/a through n/a.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 1st, 2025 (21 days ago)
|