Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-46543
WordPress Enhanced Paypal Shortcodes plugin <= 0.5a - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Charly Leetham Enhanced Paypal Shortcodes allows Stored XSS.This issue affects Enhanced Paypal Shortcodes: from n/a through 0.5a.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-46263
WordPress Author Box After Posts plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lloyd Saunders Author Box After Posts allows Stored XSS.This issue affects Author Box After Posts: from n/a through 1.6.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-46262
WordPress Mad Mimi for WordPress plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz Mad Mimi for WordPress allows Stored XSS.This issue affects Mad Mimi for WordPress: from n/a through 1.5.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-43841
WordPress WP Vegas plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jamesdbruner WP Vegas allows Stored XSS.This issue affects WP Vegas: from n/a through 2.2.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-43840
WordPress CheckBot plugin <= 1.05 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Ref CheckBot allows Stored XSS.This issue affects CheckBot: from n/a through 1.05.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-43835
WordPress wp-cyr-cho plugin <= 0.1 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in ktsvetkov allows Cross Site Request Forgery.This issue affects wp-cyr-cho: from n/a through 0.1.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-43834
WordPress cookieBAR plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tox82 cookieBAR allows Stored XSS.This issue affects cookieBAR: from n/a through 1.7.0.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-43833
WordPress Absolute Links plugin <= 1.1.1 - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amir Helzer Absolute Links allows Blind SQL Injection.This issue affects Absolute Links: from n/a through 1.1.1.

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-39460
WordPress Eduma theme <= 5.6.4 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in ThimPress Eduma allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eduma: from n/a through 5.6.4.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-39454
WordPress Name Directory plugin <= 1.30.0 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Jeroen Peters Name Directory.This issue affects Name Directory: from n/a through 1.30.0.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE
May 19th, 2025 (21 days ago)