CVE-2024-10680 |
Description: The Form Maker by 10Web WordPress plugin before 1.15.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
EPSS Score: 0.03%
April 16th, 2025 (4 days ago)
|
CVE-2025-3247 |
Description: The Contact Form 7 plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 6.0.5 via the 'wpcf7_stripe_skip_spam_check' function due to insufficient validation on a user controlled key. This makes it possible for unauthenticated attackers to reuse a single Stripe PaymentIntent for multiple transactions. Only the first transaction is processed via Stripe, but the plugin sends a successful email message for each transaction, which may trick an administrator into fulfilling each order.
CVSS: MEDIUM (5.3) EPSS Score: 0.01%
April 16th, 2025 (4 days ago)
|
CVE-2025-2314 |
Description: The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The issue was partially patched in version 3.13.6 of the plugin, and fully patched in 3.13.7.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
April 16th, 2025 (4 days ago)
|
CVE-2024-13452 |
Description: The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.29. This is due to missing or incorrect nonce validation on a saveAsCopy function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
April 16th, 2025 (4 days ago)
|
CVE-2025-32923 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Tourmaster allows Reflected XSS. This issue affects Tourmaster: from n/a through n/a.
CVSS: HIGH (7.1) EPSS Score: 0.03%
April 15th, 2025 (5 days ago)
|
CVE-2025-30984 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound SEO Tools allows Reflected XSS. This issue affects SEO Tools: from n/a through 4.0.7.
CVSS: HIGH (7.1) EPSS Score: 0.03%
April 15th, 2025 (5 days ago)
|
CVE-2025-30982 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookProgress by Stormhill Media allows Stored XSS. This issue affects MyBookProgress by Stormhill Media: from n/a through 1.0.8.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 15th, 2025 (5 days ago)
|
CVE-2025-30970 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Easy Contact allows Reflected XSS. This issue affects Easy Contact: from n/a through 0.1.2.
CVSS: HIGH (7.1) EPSS Score: 0.03%
April 15th, 2025 (5 days ago)
|
CVE-2025-30967 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. This issue affects WPJobBoard: from n/a through n/a.
CVSS: CRITICAL (9.6) EPSS Score: 0.02%
April 15th, 2025 (5 days ago)
|
CVE-2025-30966 |
Description: Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a.
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
April 15th, 2025 (5 days ago)
|