Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-26922 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in techthemes AuraMart allows Stored XSS.This issue affects AuraMart: from n/a through 2.0.7.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
March 26th, 2025 (28 days ago)
|
|
CVE-2025-26869 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Build allows Stored XSS.This issue affects Build: from n/a through 1.0.3.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
March 26th, 2025 (28 days ago)
|
|
CVE-2025-26747 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 99colorthemes RainbowNews allows Stored XSS.This issue affects RainbowNews: from n/a through 1.0.7.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
March 26th, 2025 (28 days ago)
|
|
CVE-2025-26739 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefunction newseqo allows Stored XSS.This issue affects newseqo: from n/a through 2.1.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
March 26th, 2025 (28 days ago)
|
|
CVE-2025-26559 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Secure Invites allows Reflected XSS. This issue affects Secure Invites: from n/a through 1.3.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
March 26th, 2025 (28 days ago)
|
|
CVE-2025-26537 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound GDPR Tools allows Stored XSS. This issue affects GDPR Tools: from n/a through 1.0.2.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
March 26th, 2025 (28 days ago)
|
|
CVE-2024-37118 |
Description: Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through 5.3.
CVSS: MEDIUM (5.4) EPSS Score: 0.05% SSVC Exploitation: none
March 26th, 2025 (28 days ago)
|
|
CVE-2025-2228 |
Description: The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.8 the 'register_user' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including usernames and passwords of any users who register via the Edit Login | Registration Form widget, as long as that user opens the email notification for successful registration.
CVSS: MEDIUM (5.7) EPSS Score: 0.03%
March 26th, 2025 (28 days ago)
|
|
CVE-2025-1769 |
Description: The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.0 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary log files on the server, which can contain sensitive information.
CVSS: MEDIUM (4.9) EPSS Score: 0.21%
March 26th, 2025 (28 days ago)
|
|
CVE-2025-1312 |
Description: The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttonTextColor’ parameter in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
March 26th, 2025 (28 days ago)
|