Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-28948
WordPress Mediabay - WordPress Media Library Folders plugin <= 1.4 - CSRF to Reflected XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in codedraft Mediabay - WordPress Media Library Folders allows Reflected XSS. This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4.

CVSS: HIGH (7.1)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-27360
WordPress Quick Event Calendar <= 1.4.9 - Cross Site Request Forgery (CSRF) Vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Event Calendar allows Cross Site Request Forgery. This issue affects Quick Event Calendar: from n/a through 1.4.9.

CVSS: MEDIUM (4.3)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-27359
WordPress WP Media File Type Manager plugin <= 2.3.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Media File Type Manager allows Cross Site Request Forgery. This issue affects WP Media File Type Manager: from n/a through 2.3.0.

CVSS: MEDIUM (4.3)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-27334
WordPress Simple Google Static Map <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ángel C. Simple Google Static Map allows DOM-Based XSS. This issue affects Simple Google Static Map: from n/a through 1.0.1.

CVSS: MEDIUM (6.5)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-26593
WordPress FastBook <= 1.1 - Cross Site Request Forgery (CSRF) Vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in FasterThemes FastBook allows Cross Site Request Forgery. This issue affects FastBook: from n/a through 1.1.

CVSS: MEDIUM (4.3)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-26590
WordPress Complete Google Seo Scan <= 3.5.1 - SQL Injection Vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nir Complete Google Seo Scan allows SQL Injection. This issue affects Complete Google Seo Scan: from n/a through 3.5.1.

CVSS: HIGH (7.6)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-24778
WordPress No Spam At All <= 1.3 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in De paragon No Spam At All allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects No Spam At All: from n/a through 1.3.

CVSS: MEDIUM (5.4)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-24776
WordPress Responsive Flipbooks <= 1.0 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in codelobster Responsive Flipbooks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Flipbooks: from n/a through 1.0.

CVSS: MEDIUM (5.4)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-24772
WordPress Pay with Contact Form 7 <= 1.0.4 - Cross Site Request Forgery (CSRF) Vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in cmsMinds Pay with Contact Form 7 allows Cross Site Request Forgery. This issue affects Pay with Contact Form 7: from n/a through 1.0.4.

CVSS: MEDIUM (5.4)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-24763
WordPress bbPress API <= 1.0.14 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in Pascal Casier bbPress API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects bbPress API: from n/a through 1.0.14.

CVSS: MEDIUM (5.3)

Source: CVE
June 6th, 2025 (1 day ago)