Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-31000	WordPress Payment QR WooCommerce <= 1.1.6 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in Miguel Fuentes Payment QR WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payment QR WooCommerce: from n/a through 1.1.6. CVSS: MEDIUM (5.3) Source: CVE June 6th, 2025 (about 8 hours ago)
CVE-2025-30999	WordPress WP Shopify <= 1.5.3 - Local File Inclusion Vulnerability Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Fahad Mahmood WP Shopify allows PHP Local File Inclusion. This issue affects WP Shopify: from n/a through 1.5.3. CVSS: HIGH (7.5) Source: CVE June 6th, 2025 (about 8 hours ago)
CVE-2025-30997	WordPress Car Repair Services <= 5.0 - Server Side Request Forgery (SSRF) Vulnerability Description: Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Car Repair Services allows Server Side Request Forgery. This issue affects Car Repair Services: from n/a through 5.0. CVSS: MEDIUM (5.4) Source: CVE June 6th, 2025 (about 8 hours ago)
CVE-2025-30995	WordPress Widgetize Pages Light plugin <= 3.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Widgetize Pages Light allows Stored XSS. This issue affects Widgetize Pages Light: from n/a through 3.0. CVSS: HIGH (7.1) Source: CVE June 6th, 2025 (about 8 hours ago)
CVE-2025-30994	WordPress CubeWP – All-in-One Dynamic Content Framework plugin <= 1.1.23 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Emraan Cheema CubeWP – All-in-One Dynamic Content Framework allows Cross Site Request Forgery. This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.23. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 8 hours ago)
CVE-2025-30991	WordPress Premium Packages <= 6.0.2 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Premium Packages allows Stored XSS. This issue affects Premium Packages: from n/a through 6.0.2. CVSS: MEDIUM (6.5) Source: CVE June 6th, 2025 (about 8 hours ago)
CVE-2025-30990	WordPress ThemeHunk <= 1.1.1 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in ThemeHunk ThemeHunk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeHunk: from n/a through 1.1.1. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 8 hours ago)
CVE-2025-30989	WordPress Libro de Reclamaciones y Quejas <= 0.9 - SQL Injection Vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Renzo Tejada Libro de Reclamaciones y Quejas allows SQL Injection. This issue affects Libro de Reclamaciones y Quejas: from n/a through 0.9. CVSS: HIGH (7.6) Source: CVE June 6th, 2025 (about 8 hours ago)
CVE-2025-30986	WordPress Elite Video Player <= 10.0.5 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in _CreativeMedia_ Elite Video Player allows Cross Site Request Forgery. This issue affects Elite Video Player: from n/a through 10.0.5. CVSS: MEDIUM (5.4) Source: CVE June 6th, 2025 (about 8 hours ago)
CVE-2025-30981	WordPress WP-Recall plugin <= 16.26.14 - CSRF to Privilege Escalation vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in tggfref WP-Recall allows Privilege Escalation. This issue affects WP-Recall: from n/a through 16.26.14. CVSS: MEDIUM (6.3) Source: CVE June 6th, 2025 (about 8 hours ago)