Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-47603
WordPress belingoGeo <= 1.12.0 - Arbitrary File Download Vulnerability
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Belingo belingoGeo allows Path Traversal. This issue affects belingoGeo: from n/a through 1.12.0.

CVSS: HIGH (7.5)

EPSS Score: 0.06%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-47599
WordPress Facturante <= 1.11 - SQL Injection Vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturante Facturante allows SQL Injection. This issue affects Facturante: from n/a through 1.11.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-47575
WordPress School Management plugin <= 92.0.0 - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 92.0.0.

CVSS: HIGH (8.5)

EPSS Score: 0.03%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-47568
WordPress ZoomSounds plugin <= 6.91 - PHP Object Injection vulnerability
Description: Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds allows Object Injection. This issue affects ZoomSounds: from n/a through 6.91.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-47558
WordPress MapSVG plugin <= 8.5.31 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in RomanCode MapSVG allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MapSVG: from n/a through 8.5.31.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-47541
WordPress Mail Mint <= 1.17.7 - Sensitive Data Exposure Vulnerability
Description: Insertion of Sensitive Information Into Sent Data vulnerability in WPFunnels Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.17.7.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-47539
WordPress Eventin <= 4.0.26 - Privilege Escalation Vulnerability
Description: Incorrect Privilege Assignment vulnerability in Themewinter Eventin allows Privilege Escalation. This issue affects Eventin: from n/a through 4.0.26.

CVSS: CRITICAL (9.8)

EPSS Score: 6.01%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-47535
WordPress Opal Woo Custom Product Variation <= 1.2.0 - Arbitrary File Deletion Vulnerability
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpopal Opal Woo Custom Product Variation allows Path Traversal. This issue affects Opal Woo Custom Product Variation: from n/a through 1.2.0.

CVSS: HIGH (8.6)

EPSS Score: 0.06%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-47532
WordPress CoinPayments.net Payment Gateway for WooCommerce <= 1.0.17 - PHP Object Injection Vulnerability
Description: Deserialization of Untrusted Data vulnerability in CoinPayments CoinPayments.net Payment Gateway for WooCommerce allows Object Injection. This issue affects CoinPayments.net Payment Gateway for WooCommerce: from n/a through 1.0.17.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-47530
WordPress WPFunnels <= 3.5.18 - PHP Object Injection Vulnerability
Description: Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels allows Object Injection. This issue affects WPFunnels: from n/a through 3.5.18.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (16 days ago)