Threat and Vulnerability Intelligence Database

CVE-2025-47529

Description: Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin: from n/a through 1.1.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (14 days ago)

CVE-2025-47513

Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in James Laforge Infocob CRM Forms allows Path Traversal. This issue affects Infocob CRM Forms: from n/a through 2.4.0.

CVSS: MEDIUM (4.9)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (14 days ago)

CVE-2025-46527

Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LikeCoin Web3Press allows Path Traversal. This issue affects Web3Press: from n/a through 3.2.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (14 days ago)

CVE-2025-46518

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpaddicted IGIT Related Posts With Thumb Image After Posts allows Stored XSS. This issue affects IGIT Related Posts With Thumb Image After Posts: from n/a through 4.5.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 23rd, 2025 (14 days ago)

CVE-2025-46493

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wordwebsoftware Crossword Compiler Puzzles allows Stored XSS. This issue affects Crossword Compiler Puzzles: from n/a through 5.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 23rd, 2025 (14 days ago)

CVE-2025-46486

Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in totalprocessing Nomupay Payment Processing Gateway allows Path Traversal. This issue affects Nomupay Payment Processing Gateway: from n/a through 7.1.7.

CVSS: MEDIUM (4.9)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (14 days ago)

CVE-2025-5096

Description: The TablePress plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the 'data-caption', 'data-s-content-padding', 'data-s-title', and 'data-footer' data-attributes in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.06%

Source: CVE
May 23rd, 2025 (14 days ago)

CVE-2025-4594

Description: The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trn-ladder-registration-button' shortcode in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.03%

Source: CVE
May 23rd, 2025 (14 days ago)

CVE-2025-4419

Description: The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the 'path' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to access arbitrary images with allowed extensions, outside of the originally intended directory.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
May 22nd, 2025 (15 days ago)

CVE-2025-4405

Description: The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (4.9)

EPSS Score: 0.03%

Source: CVE
May 22nd, 2025 (15 days ago)