Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-49244	WordPress Shortcodes Ultimate <= 7.3.5 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vova Shortcodes Ultimate allows Stored XSS. This issue affects Shortcodes Ultimate: from n/a through 7.3.5. CVSS: MEDIUM (6.5) Source: CVE June 6th, 2025 (about 7 hours ago)
CVE-2025-49243	WordPress ShiftNav – Responsive Mobile Menu <= 1.8 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sevenspark ShiftNav – Responsive Mobile Menu allows Stored XSS. This issue affects ShiftNav – Responsive Mobile Menu: from n/a through 1.8. CVSS: MEDIUM (6.5) Source: CVE June 6th, 2025 (about 7 hours ago)
CVE-2025-49242	WordPress Bellows Accordion Menu <= 1.4.3 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sevenspark Bellows Accordion Menu allows Stored XSS. This issue affects Bellows Accordion Menu: from n/a through 1.4.3. CVSS: MEDIUM (6.5) Source: CVE June 6th, 2025 (about 7 hours ago)
CVE-2025-49241	WordPress oik <= 4.15.1 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in bobbingwide oik allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects oik: from n/a through 4.15.1. CVSS: MEDIUM (5.3) Source: CVE June 6th, 2025 (about 7 hours ago)
CVE-2025-49240	WordPress DocsPress <= 2.5.2 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in nK DocsPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DocsPress: from n/a through 2.5.2. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 7 hours ago)
CVE-2025-49239	WordPress Print Invoice & Delivery Notes for WooCommerce <= 5.5.0 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce allows Cross Site Request Forgery. This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 5.5.0. CVSS: MEDIUM (5.4) Source: CVE June 6th, 2025 (about 7 hours ago)
CVE-2025-49238	WordPress Everest Backup <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in everestthemes Everest Backup allows Cross Site Request Forgery. This issue affects Everest Backup: from n/a through 2.3.3. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 7 hours ago)
CVE-2025-49237	WordPress POEditor plugin <= 0.9.10 - CSRF to Arbitrary File Deletion vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in POEditor POEditor allows Path Traversal. This issue affects POEditor: from n/a through 0.9.10. CVSS: HIGH (7.4) Source: CVE June 6th, 2025 (about 7 hours ago)
CVE-2025-49236	WordPress Raychat <= 2.1.0 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in raychat Raychat allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Raychat: from n/a through 2.1.0. CVSS: MEDIUM (5.3) Source: CVE June 6th, 2025 (about 7 hours ago)
CVE-2025-49235	WordPress RTMKit Addons for Elementor plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rometheme RTMKit Addons for Elementor allows Stored XSS. This issue affects RTMKit Addons for Elementor: from n/a through 1.6.0. CVSS: MEDIUM (6.5) Source: CVE June 6th, 2025 (about 7 hours ago)