Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-26744
WordPress JetBlog plugin <= 2.4.3 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound JetBlog allows DOM-Based XSS. This issue affects JetBlog: from n/a through 2.4.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (5 days ago)

CVE-2025-26743
WordPress Advance WP Query Search Filter plugin <= 1.0.10 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TC.K Advance WP Query Search Filter allows Reflected XSS. This issue affects Advance WP Query Search Filter: from n/a through 1.0.10.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (5 days ago)

CVE-2025-26741
WordPress Email Notifications for Updates <= 1.1.6 - Privilege Escalation Vulnerability
Description: Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates allows Privilege Escalation. This issue affects Email Notifications for Updates: from n/a through 1.1.6.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
April 15th, 2025 (5 days ago)

CVE-2025-32929
WordPress Barcode Generator for WooCommerce plugin <= 2.0.4 - Arbitrary Content Deletion vulnerability
Description: Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Barcode Generator for WooCommerce: from n/a through 2.0.4.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
April 15th, 2025 (6 days ago)

CVE-2025-26992
WordPress Landing Page Cat plugin <= 1.7.8 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Landing Page Cat allows Reflected XSS. This issue affects Landing Page Cat: from n/a through 1.7.8.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (6 days ago)

CVE-2025-2083
Logo Carousel Gutenberg Block <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via sliderId Parameter
Description: The Logo Carousel Gutenberg Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sliderId’ parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (6 days ago)

CVE-2025-2225
Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Sc...
Description: The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘rael_title_tag' parameter in all versions up to, and including, 1.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 1.6.9.

CVSS: MEDIUM (6.4)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (6 days ago)

CVE-2024-13610
Simple Social Media Share Buttons < 6.0.0 - Admin+ Stored XSS
Description: The Simple Social Media Share Buttons WordPress plugin before 6.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (6 days ago)

CVE-2024-13207
Widget for Social Page Feeds < 6.4.2 - Admin+ Stored XSS
Description: The Widget for Social Page Feeds WordPress plugin before 6.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (6 days ago)

CVE-2025-3470
TS Poll – Survey, Versus Poll, Image Poll, Video Poll <= 2.4.6 - Authenticated (Administrator+) SQL Injection via 's' Parameter
Description: The TS Poll – Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the s parameter in all versions up to, and including, 2.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVSS: MEDIUM (4.9)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
April 15th, 2025 (6 days ago)