Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-30957	WordPress Activity Plus Reloaded for BuddyPress <= 1.1.2 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Activity Plus Reloaded for BuddyPress: from n/a through 1.1.2. CVSS: MEDIUM (5.4) Source: CVE June 6th, 2025 (about 21 hours ago)
CVE-2025-30956	WordPress Booqable Rental <= 2.4.20 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Booqable Rental Software Booqable Rental allows Cross Site Request Forgery. This issue affects Booqable Rental: from n/a through 2.4.20. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 21 hours ago)
CVE-2025-30954	WordPress WP Gravity Forms Constant Contact Plugin <= 1.1.0 - Open Redirection Vulnerability Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin allows Phishing. This issue affects WP Gravity Forms Constant Contact Plugin: from n/a through 1.1.0. CVSS: MEDIUM (4.7) Source: CVE June 6th, 2025 (about 21 hours ago)
CVE-2025-30953	WordPress WP Gravity Forms Salesforce <= 1.4.7 - Open Redirection Vulnerability Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Salesforce allows Phishing. This issue affects WP Gravity Forms Salesforce: from n/a through 1.4.7. CVSS: MEDIUM (4.7) Source: CVE June 6th, 2025 (about 21 hours ago)
CVE-2025-30952	WordPress Nexa Blocks <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdive Nexa Blocks allows Stored XSS. This issue affects Nexa Blocks: from n/a through 1.1.0. CVSS: MEDIUM (6.5) Source: CVE June 6th, 2025 (about 21 hours ago)
CVE-2025-30951	WordPress BlockStrap Page Builder - Bootstrap Blocks <= 0.1.36 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stiofan BlockStrap Page Builder - Bootstrap Blocks allows Stored XSS. This issue affects BlockStrap Page Builder - Bootstrap Blocks: from n/a through 0.1.36. CVSS: MEDIUM (6.5) Source: CVE June 6th, 2025 (about 21 hours ago)
CVE-2025-30950	WordPress All Currencies for WooCommerce <= 2.4.4 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham All Currencies for WooCommerce allows Stored XSS. This issue affects All Currencies for WooCommerce: from n/a through 2.4.4. CVSS: MEDIUM (6.5) Source: CVE June 6th, 2025 (about 21 hours ago)
CVE-2025-30948	WordPress Layouts for Elementor <= 1.11 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Giraphix Creative Layouts for Elementor allows Cross Site Request Forgery. This issue affects Layouts for Elementor: from n/a through 1.11. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 21 hours ago)
CVE-2025-30946	WordPress Custom Bulk/Quick Edit <= 1.6.10 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Michael Cannon Custom Bulk/Quick Edit allows Cross Site Request Forgery. This issue affects Custom Bulk/Quick Edit: from n/a through 1.6.10. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 21 hours ago)
CVE-2025-30945	WordPress Taskbuilder <= 4.0.3 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in taskbuilder Taskbuilder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Taskbuilder: from n/a through 4.0.3. CVSS: MEDIUM (5.3) Source: CVE June 6th, 2025 (about 21 hours ago)