Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-39451
WordPress JetBlocks For Elementor <= 1.3.16 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in Crocoblock JetBlocks For Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlocks For Elementor: from n/a through 1.3.16.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-39449
WordPress JetWooBuilder <= 2.1.18 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in Crocoblock JetWooBuilder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetWooBuilder: from n/a through 2.1.18.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-39447
WordPress JetElements For Elementor <= 2.7.4.1 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in Crocoblock JetElements For Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through 2.7.4.1.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-39446
WordPress Booster Plus for WooCommerce plugin <= 7.2.4 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster Plus for WooCommerce allows Reflected XSS.This issue affects Booster Plus for WooCommerce: from n/a through 7.2.4.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-39445
WordPress Super Store Finder <= 7.2 - SQL Injection Vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a through 7.2.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-27010
WordPress Tastyc < 2.5.2 - Local File Inclusion Vulnerability
Description: Path Traversal: '.../...//' vulnerability in bslthemes Tastyc allows PHP Local File Inclusion.This issue affects Tastyc: from n/a before 2.5.2.

CVSS: HIGH (8.1)

EPSS Score: 0.06%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-26997
WordPress Wireless Butler plugin <= 1.0.11 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in validas Wireless Butler allows Reflected XSS.This issue affects Wireless Butler: from n/a through 1.0.11.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-26892
WordPress Celestial Aura plugin <= 2.2 - Arbitrary File Upload vulnerability
Description: Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura allows Using Malicious Files.This issue affects Celestial Aura: from n/a through 2.2.

CVSS: CRITICAL (9.9)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-26872
WordPress Eximius theme <= 2.2 - Arbitrary File Upload vulnerability
Description: Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius allows Using Malicious Files.This issue affects Eximius: from n/a through 2.2.

CVSS: CRITICAL (9.9)

EPSS Score: 0.05%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-26735
WordPress Grip theme <= 1.0.9 - Local File Inclusion vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Candid themes Grip.This issue affects Grip: from n/a through 1.0.9.

CVSS: HIGH (7.5)

EPSS Score: 0.11%

Source: CVE
May 19th, 2025 (21 days ago)