Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-48289
WordPress Kids Planet <= 2.2.14 - PHP Object Injection Vulnerability
Description: Deserialization of Untrusted Data vulnerability in AncoraThemes Kids Planet allows Object Injection. This issue affects Kids Planet: from n/a through 2.2.14.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-48287
WordPress Pix 4x sem juros – Pagaleve <= 1.6.9 - PHP Object Injection Vulnerability
Description: Deserialization of Untrusted Data vulnerability in Pagaleve Pix 4x sem juros – Pagaleve allows Object Injection. This issue affects Pix 4x sem juros – Pagaleve: from n/a through 1.6.9.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-48286
WordPress ReDi Restaurant Reservation plugin <= 24.1209 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catkin ReDi Restaurant Reservation allows Reflected XSS. This issue affects ReDi Restaurant Reservation: from n/a through 24.1209.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-48283
WordPress Majestic Support <= 1.1.0 - SQL Injection Vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Majestic Support Majestic Support allows SQL Injection. This issue affects Majestic Support: from n/a through 1.1.0.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-48275
WordPress Visual Header <= 1.3 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in dastan800 Visual Header allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Visual Header: from n/a through 1.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-48273
WordPress WP Job Portal <= 2.3.2 - Arbitrary File Download Vulnerability
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Portal allows Path Traversal. This issue affects WP Job Portal: from n/a through 2.3.2.

CVSS: HIGH (7.5)

EPSS Score: 0.06%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-48271
WordPress Leadinfo <= 1.1 - Settings Change Vulnerability
Description: Missing Authorization vulnerability in Leadinfo Leadinfo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Leadinfo: from n/a through 1.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-48245
WordPress Quick Contact Form plugin <= 8.2.1 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fullworks Quick Contact Form allows Reflected XSS. This issue affects Quick Contact Form : from n/a through 8.2.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-48241
WordPress Verge3D plugin <= 4.9.3 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soft8Soft LLC Verge3D allows Reflected XSS. This issue affects Verge3D: from n/a through 4.9.3.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-47690
WordPress Lead Form Data Collection to CRM plugin <= 3.1 - Arbitrary Option Update to Privilege Escalation vulnerability
Description: Missing Authorization vulnerability in smackcoders Lead Form Data Collection to CRM allows Privilege Escalation. This issue affects Lead Form Data Collection to CRM: from n/a through 3.1.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
May 23rd, 2025 (16 days ago)