Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-22740 |
Description: Missing Authorization vulnerability in Automattic Sensei LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sensei LMS: from n/a through 4.24.4.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
March 27th, 2025 (26 days ago)
|
|
CVE-2025-22739 |
Description: Missing Authorization vulnerability in ThimPress LearnPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through 4.2.7.5.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
March 27th, 2025 (26 days ago)
|
|
CVE-2024-0757 |
Description: The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files
CVSS: MEDIUM (5.4) EPSS Score: 32.0% SSVC Exploitation: none
March 27th, 2025 (26 days ago)
|
|
CVE-2024-1319 |
Description: The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. (e.g. draft, private, pending review, password-protected, and trashed posts).
CVSS: MEDIUM (4.3) EPSS Score: 0.1% SSVC Exploitation: poc
March 27th, 2025 (26 days ago)
|
|
CVE-2025-26762 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce allows Stored XSS.This issue affects WooCommerce: from n/a through 9.7.0.
CVSS: MEDIUM (5.9) EPSS Score: 0.03%
March 27th, 2025 (26 days ago)
|
|
CVE-2025-22659 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through 2.10.44.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
March 27th, 2025 (26 days ago)
|
|
CVE-2025-22649 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager wedevs-project-manager allows Stored XSS.This issue affects WP Project Manager: from n/a through 2.6.22.
CVSS: MEDIUM (5.9) EPSS Score: 0.03%
March 27th, 2025 (26 days ago)
|
|
CVE-2025-22648 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plugin Devs Blog, Posts and Category Filter for Elementor allows Stored XSS.This issue affects Blog, Posts and Category Filter for Elementor: from n/a through 2.0.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
March 27th, 2025 (26 days ago)
|
|
CVE-2025-22647 |
Description: Missing Authorization vulnerability in smackcoders AIO Performance Profiler, Monitor, Optimize, Compress & Debug allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO Performance Profiler, Monitor, Optimize, Compress & Debug: from n/a through 1.2.
CVSS: MEDIUM (4.3) EPSS Score: 0.03% SSVC Exploitation: none
March 27th, 2025 (26 days ago)
|
|
CVE-2025-22646 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aThemes aThemes Addons for Elementor allows Stored XSS.This issue affects aThemes Addons for Elementor: from n/a through 1.0.8.
CVSS: MEDIUM (6.5) EPSS Score: 0.03% SSVC Exploitation: none
March 27th, 2025 (26 days ago)
|