Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Premium WordPress 'Motors' theme vulnerable to admin takeover attacks
Description: A critical privilege escalation vulnerability has been discovered in the premium WordPress theme Motors, which allows unauthenticated attackers to hijack administrator accounts and take complete control of websites. [...]
Source: BleepingComputer
May 20th, 2025 (14 days ago)
Alleged Sale of WordPress Shop to an Unidentified Company in North Macedonia
Description: Alleged Sale of WordPress Shop to an Unidentified Company in North Macedonia
Source: DarkWebInformer
May 20th, 2025 (15 days ago)
Alleged Sale of Unauthorized Admin Access to a UK WordPress Gambling Platform
Description: Alleged Sale of Unauthorized Admin Access to a UK WordPress Gambling Platform
Source: DarkWebInformer
May 19th, 2025 (16 days ago)

CVE-2025-4190
CSV Mass Importer <= 1.2 - Admin+ Arbitrary File Upload
Description: The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)

EPSS Score: 0.05%

Source: CVE
May 17th, 2025 (18 days ago)

CVE-2025-1303
Plugin Oficial – Getnet para WooCommerce <= 1.7.3 - Unauthenticated Reflected XSS
Description: The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.

EPSS Score: 0.04%

Source: CVE
May 15th, 2025 (19 days ago)

CVE-2025-1289
Plugin Oficial – Getnet para WooCommerce <= 1.7.3 - Admin+ Stored XSS
Description: The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS Score: 0.03%

Source: CVE
May 15th, 2025 (19 days ago)

CVE-2025-1286
Download HTML TinyMCE Button <= 1.2 - Reflected XSS
Description: The Download HTML TinyMCE Button WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

EPSS Score: 0.03%

Source: CVE
May 15th, 2025 (19 days ago)

CVE-2025-1033
Badgearoo <= 1.0.14 - Admin+ Stored XSS
Description: The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS Score: 0.03%

Source: CVE
May 15th, 2025 (19 days ago)

CVE-2025-0688
Spiritual Gifts Survey <= 0.9.10 - Unauthenticated CSRF to XSS
Description: The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.

EPSS Score: 0.05%

Source: CVE
May 15th, 2025 (19 days ago)

CVE-2025-0687
Spiritual Gifts Survey <= 0.9.10 - Unauthenticated CSRF to XSS
Description: The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.

EPSS Score: 0.05%

Source: CVE
May 15th, 2025 (19 days ago)