Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-24762 |
Description: Missing Authorization vulnerability in facturaone TicketBAI Facturas para WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TicketBAI Facturas para WooCommerce: from n/a through 3.19.
CVSS: MEDIUM (5.4)
June 6th, 2025 (1 day ago)
|
|
CVE-2025-23971 |
Description: Missing Authorization vulnerability in whassan KI Live Video Conferences allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects KI Live Video Conferences: from n/a through 5.5.15.
CVSS: MEDIUM (5.3)
June 6th, 2025 (1 day ago)
|
|
CVE-2025-23969 |
Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in whassan KI Live Video Conferences allows Retrieve Embedded Sensitive Data. This issue affects KI Live Video Conferences: from n/a through 5.5.15.
CVSS: MEDIUM (5.3)
June 6th, 2025 (1 day ago)
|
|
CVE-2025-5760 |
Description: The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the append_debug_info_to_context() function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin’s logger captures the entire contents of $_POST (and sometimes raw request bodies or $_GET) without redacting any password‐related keys. As a result, whenever a user submits a login form, whether via native wp_login or a third‐party login widget, their actual password is written in clear text into the logs. An authenticated attacker or any user whose actions generate a login event will have their password recorded; an administrator (or anyone with database read access) can then read those logs and retrieve every captured password.
CVSS: MEDIUM (4.9) EPSS Score: 0.03%
June 6th, 2025 (1 day ago)
|
|
CVE-2025-5239 |
Description: The Domain For Sale plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class_name’ parameter in all versions up to, and including, 3.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
June 6th, 2025 (1 day ago)
|
|
CVE-2025-49077 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in ThemeHigh Dynamic Pricing and Discount Rules allows Cross Site Request Forgery.This issue affects Dynamic Pricing and Discount Rules: from n/a through 2.2.9.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
June 6th, 2025 (1 day ago)
|
|
CVE-2025-49076 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Innovations The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 6.2.7.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
June 6th, 2025 (1 day ago)
|
|
CVE-2025-49075 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Wishlist allows Stored XSS.This issue affects Wishlist: from n/a through 1.0.43.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
June 6th, 2025 (1 day ago)
|
|
CVE-2025-49074 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemesGrove WidgetKit allows Stored XSS.This issue affects WidgetKit: from n/a through 2.5.4.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
June 6th, 2025 (1 day ago)
|
|
CVE-2025-49068 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OceanWP Ocean Extra allows Stored XSS.This issue affects Ocean Extra: from n/a through 2.4.8.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
June 6th, 2025 (1 day ago)
|