Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-29010
WordPress Behance Portfolio Manager <= 1.7.4 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in eleopard Behance Portfolio Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Behance Portfolio Manager: from n/a through 1.7.4.

CVSS: MEDIUM (4.3)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-29008
WordPress SocialMark <= 2.0.7 - Server Side Request Forgery (SSRF) Vulnerability
Description: Server-Side Request Forgery (SSRF) vulnerability in ShawonPro SocialMark allows Server Side Request Forgery. This issue affects SocialMark: from n/a through 2.0.7.

CVSS: MEDIUM (4.9)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-29006
WordPress Direct Checkout for WooCommerce Lite <= 1.0.3 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in centangle Direct Checkout for WooCommerce Lite allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Direct Checkout for WooCommerce Lite: from n/a through 1.0.3.

CVSS: MEDIUM (5.3)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-29005
WordPress HR Management Lite <= 3.3 - Cross Site Request Forgery (CSRF) Vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in weblizar HR Management Lite allows Cross Site Request Forgery. This issue affects HR Management Lite: from n/a through 3.3.

CVSS: MEDIUM (4.3)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-29003
WordPress The Holiday Calendar <= 1.18.2.1 - Cross Site Scripting (XSS) Vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mva7 The Holiday Calendar allows Stored XSS. This issue affects The Holiday Calendar: from n/a through 1.18.2.1.

CVSS: MEDIUM (6.5)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-28997
WordPress WP AutoKeyword <= 1.0 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP AutoKeyword: from n/a through 1.0.

CVSS: MEDIUM (5.3)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-28996
WordPress GPP Slideshow <= 1.3.5 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in Thad Allender GPP Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GPP Slideshow: from n/a through 1.3.5.

CVSS: MEDIUM (4.3)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-28995
WordPress Viral Loops WP Integration <= 3.8.1 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Loops WP Integration: from n/a through 3.8.1.

CVSS: MEDIUM (5.3)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-28994
WordPress Viral Loops WP Integration <= 3.8.1 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Loops WP Integration: from n/a through 3.8.1.

CVSS: MEDIUM (4.3)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-28989
WordPress Read More Login <= 2.0.3 - Cross Site Scripting (XSS) Vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arildur Read More Login allows Stored XSS. This issue affects Read More Login: from n/a through 2.0.3.

CVSS: MEDIUM (5.9)

Source: CVE
June 6th, 2025 (1 day ago)