Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-39518 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedefiningTheWeb BMA Lite allows SQL Injection. This issue affects BMA Lite: from n/a through 1.4.2.
CVSS: HIGH (7.6) EPSS Score: 0.03%
April 16th, 2025 (4 days ago)
|
|
CVE-2025-39517 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Basic Interactive World Map allows Cross Site Request Forgery. This issue affects Basic Interactive World Map: from n/a through 2.7.
CVSS: MEDIUM (4.3) EPSS Score: 0.01%
April 16th, 2025 (4 days ago)
|
|
CVE-2025-39516 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alan Petersen Author WIP Progress Bar allows DOM-Based XSS. This issue affects Author WIP Progress Bar: from n/a through 1.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 16th, 2025 (4 days ago)
|
|
CVE-2025-39515 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tnomi Attendance Manager allows Stored XSS. This issue affects Attendance Manager: from n/a through 0.6.2.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 16th, 2025 (4 days ago)
|
|
CVE-2025-39514 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asgaros Asgaros Forum allows Stored XSS. This issue affects Asgaros Forum: from n/a through 3.0.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 16th, 2025 (4 days ago)
|
|
CVE-2025-39513 |
Description: Missing Authorization vulnerability in ActiveDEMAND Online Agency Marketing Automation ActiveDEMAND allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects ActiveDEMAND: from n/a through 0.2.46.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
April 16th, 2025 (4 days ago)
|
|
CVE-2025-39512 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Yuya Hoshino Bulk Term Editor allows Cross Site Request Forgery. This issue affects Bulk Term Editor: from n/a through 1.1.4.
CVSS: MEDIUM (4.3) EPSS Score: 0.01%
April 16th, 2025 (4 days ago)
|
|
CVE-2025-30960 |
Description: Missing Authorization vulnerability in NotFound FS Poster. This issue affects FS Poster: from n/a through 6.5.8.
CVSS: HIGH (8.3) EPSS Score: 0.03%
April 16th, 2025 (4 days ago)
|
|
CVE-2025-3104 |
Description: The WP STAGING Pro WordPress Backup Plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 6.1.2 due to missing capability checks on the getOutdatedPluginsRequest() function. This makes it possible for unauthenticated attackers to reveal outdated installed active or inactive plugins.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
April 16th, 2025 (4 days ago)
|
|
CVE-2025-3077 |
Description: The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button shortcode and Custom CSS field in all versions up to, and including, 28.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
April 16th, 2025 (4 days ago)
|