CVE-2025-4094 |
Description: The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to brute-force them.
CVSS: CRITICAL (9.8) EPSS Score: 0.54%
May 21st, 2025
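As an added example (not the DIGITS plugin's own code), the following shows why an OTP check with no attempt limit is brute-forceable and what a bounded check looks like: the code is burned after a fixed number of failures, expires, and is consumed on first successful use. All names (OtpStore, brute_force, MAX_ATTEMPTS) and the sample phone number are this example's own assumptions.

```python
# Added example (not the DIGITS plugin's code): an OTP check with no attempt
# limit, next to one that invalidates the code after MAX_ATTEMPTS failures.
# All names (OtpStore, brute_force, ...) are this example's own.
import hmac
import secrets
import time

OTP_DIGITS = 6
OTP_TTL_SECONDS = 300   # a code lives five minutes, then must be re-requested
MAX_ATTEMPTS = 5        # wrong guesses tolerated before the code is burned


def _now(now):
    return time.time() if now is None else now


class OtpStore:
    """In-memory OTP state keyed by phone number: code, expiry, failure count."""

    def __init__(self):
        self._entries = {}

    def issue(self, phone, now=None, code=None):
        # `code` can be fixed for deterministic demos; production always
        # uses the random one.
        if code is None:
            code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._entries[phone] = {
            "code": code,
            "expires": _now(now) + OTP_TTL_SECONDS,
            "failures": 0,
        }
        return code  # delivered to the phone out of band

    def verify_unlimited(self, phone, guess):
        """Vulnerable pattern: failures are not counted, so the code survives
        every wrong guess and the attacker simply walks the keyspace."""
        entry = self._entries.get(phone)
        return entry is not None and hmac.compare_digest(entry["code"], guess)

    def verify_limited(self, phone, guess, now=None):
        """Hardened: bounded attempts, expiry, and single use."""
        entry = self._entries.get(phone)
        if entry is None:
            return "no_code"
        if _now(now) > entry["expires"]:
            del self._entries[phone]
            return "expired"
        if hmac.compare_digest(entry["code"], guess):
            del self._entries[phone]          # a code is consumed on success
            return "ok"
        entry["failures"] += 1
        if entry["failures"] >= MAX_ATTEMPTS:
            del self._entries[phone]          # burn it; user must request a new code
            return "locked"
        return "wrong"


def brute_force(phone, verifier):
    """Try every possible code in order against `verifier`.
    Returns (succeeded, number_of_attempts)."""
    for n in range(10 ** OTP_DIGITS):
        guess = f"{n:0{OTP_DIGITS}d}"
        result = verifier(phone, guess)
        if result is True or result == "ok":
            return True, n + 1
        if result in ("locked", "expired", "no_code"):
            return False, n + 1
    return False, 10 ** OTP_DIGITS


if __name__ == "__main__":
    phone = "+15550100"          # constructed sample number
    unlimited = OtpStore()
    unlimited.issue(phone, code="123456")
    print(brute_force(phone, unlimited.verify_unlimited))   # (True, 123457)
    limited = OtpStore()
    limited.issue(phone, code="123456")
    print(brute_force(phone, limited.verify_limited))       # (False, 5)
```

Against the unlimited verifier the attacker reaches the fixed code "123456" on attempt 123457 and would reach any 6-digit code within a million tries; against the limited verifier the fifth wrong guess burns the code and the search stops. The attempt counter has to be keyed to the account being attacked, not to the client IP, otherwise it is trivially reset by rotating source addresses.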
|
Description: A critical privilege escalation vulnerability has been discovered in the premium WordPress theme Motors, which allows unauthenticated attackers to hijack administrator accounts and take complete control of websites. [...]
May 20th, 2025
|
Description: Alleged Sale of WordPress Shop to an Unidentified Company in North Macedonia
May 20th, 2025
|
CVE-2024-5878 |
Description: Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled SimpleLightbox JavaScript library (version 2.1.5) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
May 20th, 2025
|
CVE-2025-2929 |
Description: The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting that could be used against high-privilege users such as admins.
CVSS: HIGH (7.1) EPSS Score: 0.03%
May 20th, 2025
|
CVE-2025-4322 |
Description: The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account.
CVSS: CRITICAL (9.8) EPSS Score: 10.78%
May 20th, 2025
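As an added example (not the Motors theme's own code), the following contrasts a password-reset handler that takes the target account from the request itself with one that derives the account from a single-use, expiring reset token that only the account owner received. The class and function names, the hashing parameters and the sample usernames are this example's own assumptions.

```python
# Added example (not the Motors theme's code): a reset handler that takes the
# target account from the request, next to one that derives it from a
# single-use token the account owner received. Names are this example's own.
import hashlib
import hmac
import secrets
import time

RESET_TTL_SECONDS = 900   # a reset link is good for 15 minutes


def _now(now):
    return time.time() if now is None else now


def _hash_password(password, salt=None):
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


class Accounts:
    def __init__(self):
        self._passwords = {}   # username -> (salt, pbkdf2 digest)
        self._resets = {}      # sha256(token) -> (username, expiry)

    def add_user(self, username, password):
        self._passwords[username] = _hash_password(password)

    def check_password(self, username, password):
        salt, digest = self._passwords[username]
        return hmac.compare_digest(digest, _hash_password(password, salt)[1])

    def reset_vulnerable(self, request):
        """Vulnerable pattern: whoever sends the request picks the account.
        Nothing ties the caller to the user being modified, so an
        unauthenticated client can name "admin" and set its password."""
        self._passwords[request["user"]] = _hash_password(request["new_password"])
        return "changed"

    def issue_reset_token(self, username, now=None):
        """Called only after the user proves control of the account's contact
        channel; the raw token goes to that channel, never back to the client
        that asked for it. Only its hash is stored, so a database leak does
        not expose live tokens and the lookup is not on the raw secret."""
        token = secrets.token_urlsafe(32)
        key = hashlib.sha256(token.encode()).hexdigest()
        self._resets[key] = (username, _now(now) + RESET_TTL_SECONDS)
        return token

    def reset_hardened(self, request, now=None):
        """The account comes from the token lookup; any "user" field in the
        request is ignored. The token is single use and expires."""
        key = hashlib.sha256(request.get("token", "").encode()).hexdigest()
        entry = self._resets.pop(key, None)   # pop: single use, even on failure
        if entry is None:
            return "invalid_token"
        username, expiry = entry
        if _now(now) > expiry:
            return "expired"
        self._passwords[username] = _hash_password(request["new_password"])
        return "changed"


if __name__ == "__main__":
    db = Accounts()
    db.add_user("admin", "correct horse")            # constructed sample account
    attacker_request = {"user": "admin", "new_password": "pwned"}
    print(db.reset_vulnerable(attacker_request))      # changed
    print(db.reset_hardened(attacker_request))        # invalid_token
```

The point the vulnerable handler misses is that a password change is an authorization decision: the proof of identity (a fresh token, or an authenticated session plus the current password) must be what selects the account, never a client-supplied user id.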
|
CVE-2025-48340 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Danny Vink User Profile Meta Manager allows Privilege Escalation. This issue affects User Profile Meta Manager: from n/a through 1.02.
CVSS: CRITICAL (9.8) EPSS Score: 0.03%
May 19th, 2025
|
CVE-2025-46441 |
Description: Path Traversal: '.../...//' vulnerability in ctltwp Section Widget allows Path Traversal. This issue affects Section Widget: from n/a through 3.3.1.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
May 19th, 2025
|
CVE-2025-39411 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Indie_Plugins WhatsApp Click to Chat Plugin for WordPress. This issue affects WhatsApp Click to Chat Plugin for WordPress: from n/a through 2.2.12.
CVSS: HIGH (7.5) EPSS Score: 0.11%
May 19th, 2025
|
CVE-2025-39410 |
Description: Deserialization of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder - WPBakery Page Builder Addon. This issue affects Smart Sections Theme Builder - WPBakery Page Builder Addon: from n/a through 1.7.8.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
May 19th, 2025
|