Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-31618
WordPress Connector to CiviCRM with CiviMcRestFace plugin <= 1.0.9 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Jaap Jansma Connector to CiviCRM with CiviMcRestFace allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Connector to CiviCRM with CiviMcRestFace: from n/a through 1.0.9.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
March 31st, 2025 (22 days ago)

CVE-2025-31614
WordPress Terms Before Download plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hiroprot Terms Before Download allows Stored XSS. This issue affects Terms Before Download: from n/a through 1.0.4.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
March 31st, 2025 (22 days ago)

CVE-2025-31611
WordPress Auto Post After Image Upload plugin <= 1.6 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Shaharia Azam Auto Post After Image Upload allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Post After Image Upload: from n/a through 1.6.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE
March 31st, 2025 (22 days ago)

CVE-2025-31610
WordPress Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gingerplugins Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme allows Stored XSS. This issue affects Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme: from n/a through 1.1.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE
March 31st, 2025 (22 days ago)

CVE-2025-31609
WordPress WPCargo Track & Trace plugin <= 7.0.6 - Insecure Direct Object References (IDOR) vulnerability
Description: Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPCargo Track & Trace: from n/a through 7.0.6.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE
March 31st, 2025 (22 days ago)

CVE-2025-31608
WordPress CookieHint WP plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reDim GmbH CookieHint WP allows Stored XSS. This issue affects CookieHint WP: from n/a through 1.0.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
March 31st, 2025 (22 days ago)

CVE-2025-31607
WordPress Simple-Audioplayer plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flomei Simple-Audioplayer allows Stored XSS. This issue affects Simple-Audioplayer: from n/a through 1.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
March 31st, 2025 (22 days ago)

CVE-2025-31606
WordPress SP Blog Designer plugin <= 1.0.0 - Arbitrary Shortcode Execution vulnerability
Description: Missing Authorization vulnerability in softpulseinfotech SP Blog Designer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SP Blog Designer: from n/a through 1.0.0.

CVSS: MEDIUM (4.8)

EPSS Score: 0.03%

Source: CVE
March 31st, 2025 (22 days ago)

CVE-2025-31605
WordPress Welcome Popup plugin <= 1.0.10 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WeblineIndia Welcome Popup allows Stored XSS. This issue affects Welcome Popup: from n/a through 1.0.10.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE
March 31st, 2025 (22 days ago)

CVE-2025-31604
WordPress Cal.com plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Cal.com Cal.com allows Stored XSS. This issue affects Cal.com: from n/a through 1.0.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
March 31st, 2025 (22 days ago)