Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-32680
WordPress Review Stream plugin <= 1.6.7 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Grade Us, Inc. Review Stream allows Stored XSS. This issue affects Review Stream: from n/a through 1.6.7.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32679
WordPress User Registration Using Contact Form 7 plugin <= 2.2 - Cross Site Request Forgery (CSRF) Vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in ZealousWeb User Registration Using Contact Form 7 allows Cross Site Request Forgery. This issue affects User Registration Using Contact Form 7: from n/a through 2.2.

CVSS: MEDIUM (5.4)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32678
WordPress WP Show Stats plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Show Stats allows Cross Site Request Forgery. This issue affects WP Show Stats: from n/a through 1.5.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32677
WordPress WP Social Stream Designer plugin <= 1.3 - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in solwininfotech WP Social Stream Designer allows Blind SQL Injection. This issue affects WP Social Stream Designer: from n/a through 1.3.

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32676
WordPress Verowa Connect plugin <= 3.0.5 - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Picture-Planet GmbH Verowa Connect allows Blind SQL Injection. This issue affects Verowa Connect: from n/a through 3.0.5.

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32675
WordPress SEO Help plugin <= 6.6.0 - Server Side Request Forgery (SSRF) vulnerability
Description: Server-Side Request Forgery (SSRF) vulnerability in QuantumCloud SEO Help allows Server Side Request Forgery. This issue affects SEO Help: from n/a through 6.6.0.

CVSS: MEDIUM (6.8)

EPSS Score: 0.03%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32673
WordPress Epeken All Kurir plugin <= 1.4.6.2 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in epeken Epeken All Kurir allows Stored XSS. This issue affects Epeken All Kurir: from n/a through 1.4.6.2.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32669
WordPress Mergado Pack plugin <= 4.1.1 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in MERGADO Mergado Pack allows Stored XSS. This issue affects Mergado Pack: from n/a through 4.1.1.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32667
WordPress Doppler Forms plugin <= 2.4.5 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in fromdoppler Doppler Forms allows Stored XSS. This issue affects Doppler Forms: from n/a through 2.4.5.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32664
WordPress Nepali Date Utilities plugin <= 1.0.13 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in ashokbasnet Nepali Date Utilities allows Stored XSS. This issue affects Nepali Date Utilities: from n/a through 1.0.13.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)