Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-31015 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Adrian Tobey WordPress SMTP Service, Email Delivery Solved! — MailHawk allows PHP Local File Inclusion. This issue affects WordPress SMTP Service, Email Delivery Solved! — MailHawk: from n/a through 1.3.1.
CVSS: HIGH (7.5) EPSS Score: 0.11%
April 11th, 2025 (10 days ago)
|
|
CVE-2025-31014 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ho3einie Material Dashboard allows PHP Local File Inclusion. This issue affects Material Dashboard: from n/a through 1.4.5.
CVSS: HIGH (7.5) EPSS Score: 0.13%
April 11th, 2025 (10 days ago)
|
|
CVE-2025-2636 |
Description: The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
CVSS: CRITICAL (9.8) EPSS Score: 0.25%
April 11th, 2025 (10 days ago)
|
|
🚨 Marked as known exploited on April 11th, 2025 (10 days ago).
Description: A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure.
The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug that could permit an attacker to create administrator accounts under certain conditions and take control of susceptible websites.
"The
CVSS: HIGH (8.1) EPSS Score: 0.15%
April 11th, 2025 (10 days ago)
|
|
CVE-2024-29790 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Squirrly SEO Plugin by Squirrly SEO allows Reflected XSS.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.3.16.
CVSS: HIGH (7.1) EPSS Score: 0.1% SSVC Exploitation: none
April 10th, 2025 (11 days ago)
|
|
CVE-2024-29759 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54.
CVSS: HIGH (7.1) EPSS Score: 0.1% SSVC Exploitation: none
April 10th, 2025 (11 days ago)
|
|
CVE-2024-29098 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Calameo WP Calameo allows Stored XSS.This issue affects WP Calameo: from n/a through 2.1.7.
CVSS: MEDIUM (6.5) EPSS Score: 0.08% SSVC Exploitation: none
April 10th, 2025 (11 days ago)
|
|
CVE-2024-27994 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.5.0.
CVSS: HIGH (7.1) EPSS Score: 0.14% SSVC Exploitation: none
April 10th, 2025 (11 days ago)
|
|
CVE-2024-27967 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP.This issue affects DSGVO All in one for WP: from n/a through 4.3.
CVSS: MEDIUM (4.3) EPSS Score: 0.04% SSVC Exploitation: none
April 10th, 2025 (11 days ago)
|
|
CVE-2024-27195 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Sandi Verdev Watermark RELOADED allows Stored XSS.This issue affects Watermark RELOADED: from n/a through 1.3.5.
CVSS: HIGH (7.1) EPSS Score: 0.06% SSVC Exploitation: none
April 10th, 2025 (11 days ago)
|