Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-30995
WordPress Widgetize Pages Light plugin <= 3.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Widgetize Pages Light allows Stored XSS. This issue affects Widgetize Pages Light: from n/a through 3.0.

CVSS: HIGH (7.1)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-30994
WordPress CubeWP – All-in-One Dynamic Content Framework plugin <= 1.1.23 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Emraan Cheema CubeWP – All-in-One Dynamic Content Framework allows Cross Site Request Forgery. This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.23.

CVSS: MEDIUM (4.3)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-30991
WordPress Premium Packages <= 6.0.2 - Cross Site Scripting (XSS) Vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Premium Packages allows Stored XSS. This issue affects Premium Packages: from n/a through 6.0.2.

CVSS: MEDIUM (6.5)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-30990
WordPress ThemeHunk <= 1.1.1 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in ThemeHunk ThemeHunk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeHunk: from n/a through 1.1.1.

CVSS: MEDIUM (4.3)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-30989
WordPress Libro de Reclamaciones y Quejas <= 0.9 - SQL Injection Vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Renzo Tejada Libro de Reclamaciones y Quejas allows SQL Injection. This issue affects Libro de Reclamaciones y Quejas: from n/a through 0.9.

CVSS: HIGH (7.6)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-30986
WordPress Elite Video Player <= 10.0.5 - Cross Site Request Forgery (CSRF) Vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in _CreativeMedia_ Elite Video Player allows Cross Site Request Forgery. This issue affects Elite Video Player: from n/a through 10.0.5.

CVSS: MEDIUM (5.4)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-30981
WordPress WP-Recall plugin <= 16.26.14 - CSRF to Privilege Escalation vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in tggfref WP-Recall allows Privilege Escalation. This issue affects WP-Recall: from n/a through 16.26.14.

CVSS: MEDIUM (6.3)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-30980
WordPress Simple Keyword to Link <= 1.5 - Cross Site Request Forgery (CSRF) Vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi Simple Keyword to Link allows Cross Site Request Forgery. This issue affects Simple Keyword to Link: from n/a through 1.5.

CVSS: MEDIUM (4.3)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-30978
WordPress Slack Notifications by dorzki <= 2.0.7 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in Dor Zuberi Slack Notifications by dorzki allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slack Notifications by dorzki: from n/a through 2.0.7.

CVSS: MEDIUM (4.3)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-30977
WordPress WP Live Chat + Chatbots Plugin for WordPress – Chaport <= 1.1.5 - Cross Site Scripting (XSS) Vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chaport Live Chat WP Live Chat + Chatbots Plugin for WordPress – Chaport allows Stored XSS. This issue affects WP Live Chat + Chatbots Plugin for WordPress – Chaport: from n/a through 1.1.5.

CVSS: MEDIUM (5.9)

Source: CVE
June 6th, 2025 (1 day ago)