Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-47465
WordPress Blocksy <= 2.0.97 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in CreativeThemes Blocksy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Blocksy: from n/a through 2.0.97.

CVSS: MEDIUM (4.9)

Source: CVE
May 7th, 2025 (1 day ago)

CVE-2025-47464
WordPress Solace Extra <= 1.3.1 - Server Side Request Forgery (SSRF) Vulnerability
Description: Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra allows Server Side Request Forgery. This issue affects Solace Extra: from n/a through 1.3.1.

CVSS: MEDIUM (4.9)

Source: CVE
May 7th, 2025 (1 day ago)

CVE-2025-47462
WordPress Challan plugin <= 3.7.58 - CSRF to Privilege Escalation vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Ohidul Islam Challan allows Privilege Escalation. This issue affects Challan: from n/a through 3.7.58.

CVSS: HIGH (8.8)

Source: CVE
May 7th, 2025 (1 day ago)

CVE-2025-47460
WordPress TrackShip for WooCommerce <= 1.9.1 - SQL Injection Vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TrackShip TrackShip for WooCommerce allows SQL Injection. This issue affects TrackShip for WooCommerce: from n/a through 1.9.1.

CVSS: HIGH (7.6)

Source: CVE
May 7th, 2025 (1 day ago)

CVE-2025-47459
WordPress WP Fundraising Donation and Crowdfunding Platform <= 1.7.3 - Cross Site Request Forgery (CSRF) Vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in XpeedStudio WP Fundraising Donation and Crowdfunding Platform allows Cross Site Request Forgery. This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through 1.7.3.

CVSS: MEDIUM (4.3)

Source: CVE
May 7th, 2025 (1 day ago)

CVE-2025-47457
WordPress LocateAndFilter <= 1.6.16 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in dgamoni LocateAndFilter allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LocateAndFilter: from n/a through 1.6.16.

CVSS: MEDIUM (5.3)

SSVC Exploitation: none

Source: CVE
May 7th, 2025 (1 day ago)

CVE-2025-47456
WordPress WP Gravity Forms Zendesk <= 1.1.2 - Open Redirection Vulnerability
Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Zendesk allows Phishing. This issue affects WP Gravity Forms Zendesk: from n/a through 1.1.2.

CVSS: MEDIUM (4.7)

Source: CVE
May 7th, 2025 (1 day ago)

CVE-2025-47455
WordPress Integration for WooCommerce and Salesforce <= 1.7.5 - Open Redirection Vulnerability
Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Salesforce allows Phishing. This issue affects Integration for WooCommerce and Salesforce: from n/a through 1.7.5.

CVSS: MEDIUM (4.7)

Source: CVE
May 7th, 2025 (1 day ago)

CVE-2025-47454
WordPress WP Gravity Forms Dynamics CRM <= 1.1.4 - Open Redirection Vulnerability
Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Dynamics CRM allows Phishing. This issue affects WP Gravity Forms Dynamics CRM: from n/a through 1.1.4.

CVSS: MEDIUM (4.7)

Source: CVE
May 7th, 2025 (1 day ago)

CVE-2025-47451
WordPress Product Quantity Dropdown For Woocommerce plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Product Quantity Dropdown For Woocommerce allows Cross Site Request Forgery. This issue affects Product Quantity Dropdown For Woocommerce: from n/a through 1.2.

CVSS: MEDIUM (4.3)

Source: CVE
May 7th, 2025 (1 day ago)