Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-39352
WordPress Grand Restaurant WordPress theme <= 7.0 - Arbitrary Options Deletion vulnerability
Description: Missing Authorization vulnerability in ThemeGoods Grand Restaurant WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Restaurant WordPress: from n/a through 7.0.

CVSS: HIGH (8.2)

EPSS Score: 0.05%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-39350
WordPress wProject theme < 5.8.0 - Unauthenticated Post/Comment/Attachment Modification/Deletion vulnerability
Description: Missing Authorization vulnerability in Rocket Apps wProject.This issue affects wProject: from n/a before 5.8.0.

CVSS: HIGH (8.2)

EPSS Score: 0.05%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-39349
WordPress CiyaShop theme <= 4.18.0 - PHP Object Injection vulnerability
Description: Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions CiyaShop allows Object Injection.This issue affects CiyaShop: from n/a through 4.18.0.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-39348
WordPress Grand Restaurant WordPress theme <= 7.0 - PHP Object Injection vulnerability
Description: Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant WordPress allows Object Injection.This issue affects Grand Restaurant WordPress: from n/a through 7.0.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-32928
WordPress Altair theme <= 5.2.2 - PHP Object Injection vulnerability
Description: Deserialization of Untrusted Data vulnerability in ThemeGoods Altair allows Object Injection.This issue affects Altair: from n/a through 5.2.2.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-32927
WordPress FoodBakery plugin <= 3.3 - PHP Object Injection vulnerability
Description: Deserialization of Untrusted Data vulnerability in Chimpstudio FoodBakery allows Object Injection.This issue affects FoodBakery: from n/a through 3.3.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-32926
WordPress Grand Restaurant WordPress theme <= 7.0 - Path Traversal to PHP Object Injection vulnerability
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant WordPress allows Path Traversal.This issue affects Grand Restaurant WordPress: from n/a through 7.0.

CVSS: CRITICAL (9.8)

EPSS Score: 0.06%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-32925
WordPress SUMO Reward Points plugin <= 30.7.0 - Local File Inclusion vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FantasticPlugins SUMO Reward Points allows PHP Local File Inclusion.This issue affects SUMO Reward Points: from n/a through 30.7.0.

CVSS: HIGH (8.3)

EPSS Score: 0.11%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-32924
WordPress Revy plugin <= 2.1 - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp Revy allows SQL Injection.This issue affects Revy: from n/a through 2.1.

CVSS: HIGH (8.5)

EPSS Score: 0.03%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-31027
WordPress Tiger theme <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jocoxdesign Tiger tiger allows Reflected XSS.This issue affects Tiger: from n/a through 2.0.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
May 19th, 2025 (21 days ago)