Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-31576
WordPress PostmarkApp Email Integrator plugin <= 2.4 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Gagan Deep Singh PostmarkApp Email Integrator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PostmarkApp Email Integrator: from n/a through 2.4.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE
March 31st, 2025 (22 days ago)

CVE-2025-31575
WordPress Flag Icons plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vasilis Triantafyllou Flag Icons allows Stored XSS. This issue affects Flag Icons: from n/a through 2.2.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE
March 31st, 2025 (22 days ago)

CVE-2025-31574
WordPress Custom Content Scrollbar plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftHopper Custom Content Scrollbar allows Stored XSS. This issue affects Custom Content Scrollbar: from n/a through 1.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
March 31st, 2025 (22 days ago)

CVE-2025-31572
WordPress Multi Days Events and Multi Events in One Day Calendar plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in v20202020 Multi Days Events and Multi Events in One Day Calendar allows Cross Site Request Forgery. This issue affects Multi Days Events and Multi Events in One Day Calendar: from n/a through 1.1.3.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
March 31st, 2025 (22 days ago)

CVE-2025-31567
WordPress Themesflat Addons For Elementor plugin <= 2.2.5 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS. This issue affects Themesflat Addons For Elementor: from n/a through 2.2.5.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
March 31st, 2025 (22 days ago)

CVE-2025-31562
WordPress Uptime Robot Plugin for WordPress plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aphotrax Uptime Robot Plugin for WordPress allows DOM-Based XSS. This issue affects Uptime Robot Plugin for WordPress: from n/a through 2.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
March 31st, 2025 (22 days ago)

CVE-2025-31559
WordPress Custom Database Applications by Caspio plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Caspio Bridge Custom Database Applications by Caspio allows DOM-Based XSS. This issue affects Custom Database Applications by Caspio: from n/a through 2.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
March 31st, 2025 (22 days ago)

CVE-2025-31557
WordPress OSM – OpenStreetMap plugin <= 6.1.6 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MiKa OSM – OpenStreetMap allows DOM-Based XSS. This issue affects OSM – OpenStreetMap: from n/a through 6.1.6.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
March 31st, 2025 (22 days ago)

CVE-2025-31556
WordPress IMPress for IDX Broker plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IDX Broker IMPress for IDX Broker allows Stored XSS. This issue affects IMPress for IDX Broker: from n/a through 3.2.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
March 31st, 2025 (22 days ago)

CVE-2025-31555
WordPress ContentMX Content Publisher plugin <= 1.0.6 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in ContentMX ContentMX Content Publisher allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ContentMX Content Publisher: from n/a through 1.0.6.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
March 31st, 2025 (22 days ago)