CVE-2025-30764 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in AntoineH Football Pool allows Cross Site Request Forgery. This issue affects Football Pool: from n/a through 2.12.2.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
March 27th, 2025 (27 days ago)
|
CVE-2025-30763 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Olaf Lederer EO4WP allows Stored XSS. This issue affects EO4WP: from n/a through 1.0.8.4.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
March 27th, 2025 (27 days ago)
|
CVE-2025-2685 |
Description: The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
March 27th, 2025 (27 days ago)
|
CVE-2025-2481 |
Description: The MediaView plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVSS: MEDIUM (6.1) EPSS Score: 0.08%
March 27th, 2025 (27 days ago)
|
CVE-2024-0250 |
Description: The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
CVSS: MEDIUM (6.1) EPSS Score: 20.13% SSVC Exploitation: none
March 26th, 2025 (27 days ago)
|
CVE-2024-0902 |
Description: The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: MEDIUM (4.3) EPSS Score: 0.02% SSVC Exploitation: poc
March 26th, 2025 (27 days ago)
|
CVE-2024-2322 |
Description: The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks.
CVSS: MEDIUM (6.8) EPSS Score: 0.04% SSVC Exploitation: poc
March 26th, 2025 (28 days ago)
|
CVE-2025-28885 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Fiverr.com Official Search Box allows Stored XSS. This issue affects Fiverr.com Official Search Box: from n/a through 1.0.8.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
March 26th, 2025 (28 days ago)
|
CVE-2025-26929 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NOUS Ouvert Utile et Simple Accounting for WooCommerce allows Stored XSS. This issue affects Accounting for WooCommerce: from n/a through 1.6.8.
CVSS: MEDIUM (5.9) EPSS Score: 0.03%
March 26th, 2025 (28 days ago)
|
CVE-2025-26923 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post allows Stored XSS. This issue affects Event post: from n/a through 5.9.8.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
March 26th, 2025 (28 days ago)
|