CVE-2024-22027 |
Description: Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services.
SSVC Exploitation: none
June 5th, 2025 (about 7 hours ago)
|
CVE-2025-4580 |
Description: The File Provider WordPress plugin through 1.2.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
EPSS Score: 0.02%
June 4th, 2025 (2 days ago)
|
CVE-2025-4578 |
Description: The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
EPSS Score: 0.02%
June 4th, 2025 (2 days ago)
|
CVE-2024-0238 |
Description: The EventON Premium WordPress plugin before 4.5.6 and the EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action and do not ensure that the post to be updated belongs to the plugin, allowing unauthenticated users to update arbitrary post metadata.
EPSS Score: 0.54%
SSVC Exploitation: none
June 2nd, 2025 (3 days ago)
|
CVE-2024-0237 |
Description: The EventON WordPress plugin through 4.5.8 and the EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details, etc.
EPSS Score: 0.29%
SSVC Exploitation: none
June 2nd, 2025 (3 days ago)
|
CVE-2025-3951 |
Description: The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations.
EPSS Score: 0.02%
June 2nd, 2025 (4 days ago)
|
CVE-2025-1485 |
Description: The Real Cookie Banner: GDPR & ePrivacy Cookie Consent WordPress plugin before 5.1.6 and the real-cookie-banner-pro WordPress plugin before 5.1.6 do not sanitise and escape some of their settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
EPSS Score: 0.03%
June 2nd, 2025 (4 days ago)
|
CVE-2025-4429 |
Description: The Gearside Developer Dashboard WordPress plugin through 1.0.72 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high privilege users such as admin.
EPSS Score: 0.03%
May 30th, 2025 (7 days ago)
|
Description: WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
May 29th, 2025 (8 days ago)
|
Description: Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload arbitrary files.
TI WooCommerce Wishlist, which has over 100,000 active installations, is a tool to allow e-commerce site customers to save their favorite products for later and share the lists on social
May 29th, 2025 (8 days ago)
|