Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-32670
WordPress Spark GF Failed Submissions plugin <= 1.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Parnell Spark GF Failed Submissions allows Reflected XSS. This issue affects Spark GF Failed Submissions: from n/a through 1.3.5.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (3 days ago)

CVE-2025-32666
WordPress Hive Support plugin <= 1.2.2- Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hive Support Hive Support allows Reflected XSS. This issue affects Hive Support: from n/a through 1.2.2.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (3 days ago)

CVE-2025-32665
WordPress Office Locator plugin <= 1.3.0 - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebbyTemplate Office Locator allows SQL Injection. This issue affects Office Locator: from n/a through 1.3.0.

CVSS: CRITICAL (9.3)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (3 days ago)

CVE-2025-32662
WordPress uListing plugin <= 2.2.0 - Deserialization of untrusted data vulnerability
Description: Deserialization of Untrusted Data vulnerability in Stylemix uListing allows Object Injection. This issue affects uListing: from n/a through 2.2.0.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
April 17th, 2025 (3 days ago)

CVE-2025-32660
WordPress JS Job Manager plugin <= 2.0.2 - Arbitrary File Upload vulnerability
Description: Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager allows Upload a Web Shell to a Web Server. This issue affects JS Job Manager: from n/a through 2.0.2.

CVSS: CRITICAL (10.0)

EPSS Score: 0.04%

Source: CVE
April 17th, 2025 (3 days ago)

CVE-2025-32658
WordPress HelpGent plugin <= 2.2.4 - PHP Object Injection vulnerability
Description: Deserialization of Untrusted Data vulnerability in wpWax HelpGent allows Object Injection. This issue affects HelpGent: from n/a through 2.2.4.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
April 17th, 2025 (3 days ago)

CVE-2025-32655
WordPress Restrict User Registration plugin <= 1.0.1 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in DevriX Restrict User Registration allows Stored XSS. This issue affects Restrict User Registration: from n/a through 1.0.1.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (3 days ago)

CVE-2025-32653
WordPress Cart66 Cloud Plugin <= 2.3.7 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lee Blue Cart66 Cloud allows Reflected XSS. This issue affects Cart66 Cloud: from n/a through 2.3.7.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (3 days ago)

CVE-2025-32652
WordPress Solace Extra plugin <= 1.3.1 - Arbitrary File Upload vulnerability
Description: Unrestricted Upload of File with Dangerous Type vulnerability in solacewp Solace Extra allows Using Malicious Files. This issue affects Solace Extra: from n/a through 1.3.1.

CVSS: CRITICAL (9.9)

EPSS Score: 0.04%

Source: CVE
April 17th, 2025 (3 days ago)

CVE-2025-32651
WordPress SERPed.net Plugin <= 4.6 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in serpednet SERPed.net allows Reflected XSS. This issue affects SERPed.net: from n/a through 4.6.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (3 days ago)