Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-49304	WordPress Search with Typesense <= 2.0.10 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeManas Search with Typesense allows Stored XSS. This issue affects Search with Typesense: from n/a through 2.0.10. CVSS: MEDIUM (6.5) Source: CVE June 6th, 2025 (about 3 hours ago)
CVE-2025-49301	WordPress Greenshift <= 11.5.5 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsoul Greenshift allows DOM-Based XSS. This issue affects Greenshift: from n/a through 11.5.5. CVSS: MEDIUM (6.5) Source: CVE June 6th, 2025 (about 3 hours ago)
CVE-2025-49299	WordPress WebHotelier <= 1.9.2 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPlugged.com WebHotelier allows Stored XSS. This issue affects WebHotelier: from n/a through 1.9.2. CVSS: MEDIUM (6.5) Source: CVE June 6th, 2025 (about 3 hours ago)
CVE-2025-49298	WordPress Event post <= 5.10.1 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post allows Stored XSS. This issue affects Event post: from n/a through 5.10.1. CVSS: MEDIUM (6.5) Source: CVE June 6th, 2025 (about 3 hours ago)
CVE-2025-49294	WordPress Crawlomatic Multisite Scraper Post Generator plugin <= 2.6.8.2 - Sensitive Data Exposure via Log Exposure vulnerability Description: Insertion of Sensitive Information Into Sent Data vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator allows Retrieve Embedded Sensitive Data. This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through 2.6.8.2. CVSS: MEDIUM (5.3) Source: CVE June 6th, 2025 (about 3 hours ago)
CVE-2025-49293	WordPress Crawlomatic Multisite Scraper Post Generator <= 2.6.8.2 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through 2.6.8.2. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 3 hours ago)
CVE-2025-49292	WordPress Profile Builder <= 3.13.8 - Content Spoofing Vulnerability Description: Improper Validation of Specified Quantity in Input vulnerability in Cozmoslabs Profile Builder allows Phishing. This issue affects Profile Builder: from n/a through 3.13.8. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 3 hours ago)
CVE-2025-49291	WordPress Calculated Fields Form <= 5.3.58 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in codepeople Calculated Fields Form allows Cross Site Request Forgery. This issue affects Calculated Fields Form: from n/a through 5.3.58. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 3 hours ago)
CVE-2025-49289	WordPress PDF for WPForms <= 5.5.0 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in add-ons.org PDF for WPForms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for WPForms: from n/a through 5.5.0. CVSS: MEDIUM (5.0) Source: CVE June 6th, 2025 (about 3 hours ago)
CVE-2025-49288	WordPress Ultimate WP Mail <= 1.3.5 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in Rustaurius Ultimate WP Mail allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate WP Mail: from n/a through 1.3.5. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 3 hours ago)