Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-28986
WordPress Epicwin Plugin plugin <= 1.5 - CSRF to SQL Injection vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Webaholicson Epicwin Plugin allows SQL Injection. This issue affects Epicwin Plugin: from n/a through 1.5.

CVSS: HIGH (8.2)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-28985
WordPress Elastic Email Subscribe Form <= 1.2.2 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in Elastic Email Elastic Email Subscribe Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elastic Email Subscribe Form: from n/a through 1.2.2.

CVSS: MEDIUM (5.4)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-28984
WordPress Subscription Renewal Reminders for WooCommerce plugin <= 1.3.7 - Cross Site Request Forgery to Notice Dismissal vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in storepro Subscription Renewal Reminders for WooCommerce allows Cross Site Request Forgery. This issue affects Subscription Renewal Reminders for WooCommerce: from n/a through 1.3.7.

CVSS: MEDIUM (4.3)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-28981
WordPress WP Mail Options plugin <= 0.2.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Soli WP Mail Options allows Stored XSS. This issue affects WP Mail Options: from n/a through 0.2.3.

CVSS: HIGH (7.1)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-28974
WordPress Free WP Mail SMTP plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in mail250 Free WP Mail SMTP allows Stored XSS. This issue affects Free WP Mail SMTP: from n/a through 1.0.

CVSS: HIGH (7.1)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-28966
WordPress Recent Posts Slider Responsive plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in dilemma123 Recent Posts Slider Responsive allows Stored XSS. This issue affects Recent Posts Slider Responsive: from n/a through 1.0.1.

CVSS: HIGH (7.1)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-28964
WordPress Personal Favicon plugin <= 2.0 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in mangup Personal Favicon allows Stored XSS. This issue affects Personal Favicon: from n/a through 2.0.

CVSS: HIGH (7.1)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-28958
WordPress Bg Orthodox Calendar plugin <= 0.13.10 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Vadim Bogaiskov Bg Orthodox Calendar allows Stored XSS. This issue affects Bg Orthodox Calendar: from n/a through 0.13.10.

CVSS: HIGH (7.1)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-28954
WordPress Backwp plugin <= 2.0.2 - CSRF to Arbitrary File Deletion vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in wphobby Backwp allows Path Traversal. This issue affects Backwp: from n/a through 2.0.2.

CVSS: HIGH (7.4)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-28952
WordPress CubePoints <= 3.2.1 - Cross Site Request Forgery (CSRF) Vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Jonathan Lau CubePoints allows Cross Site Request Forgery. This issue affects CubePoints: from n/a through 3.2.1.

CVSS: MEDIUM (4.3)

Source: CVE
June 6th, 2025 (1 day ago)