Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-30838
WordPress Cozy Blocks plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CozyThemes Cozy Blocks allows Stored XSS. This issue affects Cozy Blocks: from n/a through 2.1.6.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
March 27th, 2025 (27 days ago)

CVE-2025-30836
WordPress LatePoint plugin <= 5.1.6 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LatePoint LatePoint allows Stored XSS. This issue affects LatePoint: from n/a through 5.1.6.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
March 27th, 2025 (27 days ago)

CVE-2025-30833
WordPress Verge3D Publishing and E-Commerce Plugin <= 4.8.2 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through 4.8.2.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
March 27th, 2025 (27 days ago)

CVE-2025-30832
WordPress Themify Event Post Plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post allows DOM-Based XSS. This issue affects Themify Event Post: from n/a through 1.3.2.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
March 27th, 2025 (27 days ago)

CVE-2025-30830
WordPress Cool Author Box plugin <= 2.9.9 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Hossni Mubarak Cool Author Box allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cool Author Box: from n/a through 2.9.9.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
March 27th, 2025 (27 days ago)

CVE-2025-30828
WordPress Timetics plugin <= 1.0.29 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.29.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
March 27th, 2025 (27 days ago)

CVE-2025-30826
WordPress IP Locator plugin <= 4.1.0 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lannoy IP Locator allows DOM-Based XSS. This issue affects IP Locator: from n/a through 4.1.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
March 27th, 2025 (27 days ago)

CVE-2025-30824
WordPress Textmetrics plugin <= 3.6.1 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Israpil Textmetrics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Textmetrics: from n/a through 3.6.1.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
March 27th, 2025 (27 days ago)

CVE-2025-30823
WordPress Anthologize Plugin <= 0.8.2 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Boone Gorges Anthologize allows Cross Site Request Forgery. This issue affects Anthologize: from n/a through 0.8.2.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
March 27th, 2025 (27 days ago)

CVE-2025-30822
WordPress Custom Login Logo Plugin <= 1.1.7 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Hakik Zaman Custom Login Logo allows Cross Site Request Forgery. This issue affects Custom Login Logo: from n/a through 1.1.7.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
March 27th, 2025 (27 days ago)