Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-49250	WordPress Team Showcase plugin < 25.05.13 - Arbitrary Shortcode Execution vulnerability Description: Improper Control of Generation of Code ('Code Injection') vulnerability in cmoreira Team Showcase allows Code Injection. This issue affects Team Showcase: from n/a through n/a. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-49248	WordPress Team Showcase < 25.05.13 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in cmoreira Team Showcase allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team Showcase: from n/a through n/a. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-49246	WordPress Testimonials Showcase <= 1.9.16 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in cmoreira Testimonials Showcase allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Testimonials Showcase: from n/a through 1.9.16. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-49244	WordPress Shortcodes Ultimate <= 7.3.5 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vova Shortcodes Ultimate allows Stored XSS. This issue affects Shortcodes Ultimate: from n/a through 7.3.5. CVSS: MEDIUM (6.5) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-49243	WordPress ShiftNav – Responsive Mobile Menu <= 1.8 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sevenspark ShiftNav – Responsive Mobile Menu allows Stored XSS. This issue affects ShiftNav – Responsive Mobile Menu: from n/a through 1.8. CVSS: MEDIUM (6.5) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-49242	WordPress Bellows Accordion Menu <= 1.4.3 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sevenspark Bellows Accordion Menu allows Stored XSS. This issue affects Bellows Accordion Menu: from n/a through 1.4.3. CVSS: MEDIUM (6.5) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-49241	WordPress oik <= 4.15.1 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in bobbingwide oik allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects oik: from n/a through 4.15.1. CVSS: MEDIUM (5.3) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-49240	WordPress DocsPress <= 2.5.2 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in nK DocsPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DocsPress: from n/a through 2.5.2. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-49239	WordPress Print Invoice & Delivery Notes for WooCommerce <= 5.5.0 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce allows Cross Site Request Forgery. This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 5.5.0. CVSS: MEDIUM (5.4) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-49238	WordPress Everest Backup <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in everestthemes Everest Backup allows Cross Site Request Forgery. This issue affects Everest Backup: from n/a through 2.3.3. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 14 hours ago)