Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-49287	WordPress Product Feed for WooCommerce <= 2.2.8 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in WebToffee Product Feed for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Feed for WooCommerce: from n/a through 2.2.8. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 4 hours ago)
CVE-2025-49286	WordPress WP Table Builder <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in WP Table Builder WP Table Builder allows Cross Site Request Forgery. This issue affects WP Table Builder: from n/a through 2.0.6. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 4 hours ago)
CVE-2025-49285	WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent <= 3.8.0 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent allows Cross Site Request Forgery. This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through 3.8.0. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 4 hours ago)
CVE-2025-49284	WordPress WP Maintenance Mode & Site Under Construction <= 4.3 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Maintenance Mode & Site Under Construction allows Cross Site Request Forgery. This issue affects WP Maintenance Mode & Site Under Construction: from n/a through 4.3. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 4 hours ago)
CVE-2025-49283	WordPress Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant <= 4.1.1 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Matthias Nordwig Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant allows Cross Site Request Forgery. This issue affects Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant: from n/a through 4.1.1. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 4 hours ago)
CVE-2025-49273	WordPress WP Tools <= 5.24 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi WP Tools allows Cross Site Request Forgery. This issue affects WP Tools: from n/a through 5.24. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 4 hours ago)
CVE-2025-49272	WordPress Trinity Audio <= 5.20.0 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in sergiotrinity Trinity Audio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trinity Audio: from n/a through 5.20.0. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 4 hours ago)
CVE-2025-49270	WordPress WP-CRM System <= 3.4.2 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in Mario Peshev WP-CRM System allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-CRM System: from n/a through 3.4.2. CVSS: MEDIUM (5.3) Source: CVE June 6th, 2025 (about 4 hours ago)
CVE-2025-49269	WordPress Market Exporter <= 2.0.22 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Anton Vanyukov Market Exporter allows Cross Site Request Forgery. This issue affects Market Exporter: from n/a through 2.0.22. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 4 hours ago)
CVE-2025-49268	WordPress Verge3D <= 4.9.4 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in Soft8Soft LLC Verge3D allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Verge3D: from n/a through 4.9.4. CVSS: MEDIUM (5.3) Source: CVE June 6th, 2025 (about 4 hours ago)