Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-39456
WordPress WP Logger plugin <= 2.2 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in iTRON WP Logger allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logger: from n/a through 2.2.

CVSS: MEDIUM (5.4)

Source: CVE
April 17th, 2025 (about 5 hours ago)

CVE-2025-39455
WordPress IP2Location Variables plugin <= 2.9.5 - CSRF to Cross Site Scripting (XSS) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in ip2location IP2Location Variables allows Reflected XSS. This issue affects IP2Location Variables: from n/a through 2.9.5.

CVSS: HIGH (7.1)

Source: CVE
April 17th, 2025 (about 5 hours ago)

CVE-2025-39453
WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.9.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in algol.plus Advanced Dynamic Pricing for WooCommerce allows Cross Site Request Forgery. This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.9.3.

CVSS: MEDIUM (4.3)

Source: CVE
April 17th, 2025 (about 5 hours ago)

CVE-2025-39452
WordPress WPCafe plugin <= 2.2.32 - Local File Inclusion vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion. This issue affects WPCafe: from n/a through 2.2.32.

CVSS: HIGH (7.5)

Source: CVE
April 17th, 2025 (about 5 hours ago)

CVE-2025-39444
WordPress MaxButtons plugin <= 9.8.3 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maxfoundry MaxButtons allows Stored XSS. This issue affects MaxButtons: from n/a through 9.8.3.

CVSS: MEDIUM (5.9)

Source: CVE
April 17th, 2025 (about 5 hours ago)

CVE-2025-39443
WordPress Verge3D plugin <= 4.9.0 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through 4.9.0.

CVSS: MEDIUM (4.3)

Source: CVE
April 17th, 2025 (about 5 hours ago)

CVE-2025-39442
WordPress Review Wave – Google Places Reviews plugin <= 1.4.7 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in MessageMetric Review Wave – Google Places Reviews allows Stored XSS. This issue affects Review Wave – Google Places Reviews: from n/a through 1.4.7.

CVSS: HIGH (7.1)

Source: CVE
April 17th, 2025 (about 5 hours ago)

CVE-2025-39441
WordPress Dashboard Notepads plugin <= 1.2.1 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Dashboard Notepads allows Stored XSS. This issue affects Dashboard Notepads: from n/a through 1.2.1.

CVSS: HIGH (7.1)

Source: CVE
April 17th, 2025 (about 5 hours ago)

CVE-2025-39440
WordPress Broken Links Remover plugin <= 1.2.2 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Broken Links Remover allows Stored XSS. This issue affects Broken Links Remover: from n/a through 1.2.2.

CVSS: HIGH (7.1)

Source: CVE
April 17th, 2025 (about 5 hours ago)

CVE-2025-39439
WordPress wpLike2Get plugin <= 1.2.9 - Sensitive Data Exposure vulnerability
Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Markus Drubba wpLike2Get allows Retrieve Embedded Sensitive Data. This issue affects wpLike2Get: from n/a through 1.2.9.

CVSS: MEDIUM (5.3)

SSVC Exploitation: none

Source: CVE
April 17th, 2025 (about 5 hours ago)