Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-32576
WordPress WP shop plugin <= 2.6.0 - CSRF to Arbitrary File Upload vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Agence web Eoxia - Montpellier WP shop allows Upload a Web Shell to a Web Server. This issue affects WP shop: from n/a through 2.6.0.

CVSS: CRITICAL (9.6)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32575
WordPress WP w3all phpBB Plugin <= 2.9.2 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in axew3 WP w3all phpBB allows Reflected XSS. This issue affects WP w3all phpBB: from n/a through 2.9.2.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32570
WordPress ChillPay WooCommerce Plugin <= 2.5.3 - CSRF to Stored XSS vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ChillPay ChillPay WooCommerce allows Stored XSS. This issue affects ChillPay WooCommerce: from n/a through 2.5.3.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32563
WordPress WP Calais Auto Tagger plugin <= 2.0 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in dangrossman WP Calais Auto Tagger allows Cross Site Request Forgery. This issue affects WP Calais Auto Tagger: from n/a through 2.0.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32559
WordPress REVE Chat plugin <= 6.2.2 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in REVE Chat REVE Chat allows Stored XSS. This issue affects REVE Chat: from n/a through 6.2.2.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32556
WordPress Simple Post Meta Manager Plugin <= 1.0.9 - CSRF to Reflected Cross-Site Scripting vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Sandor Kovacs Simple Post Meta Manager allows Reflected XSS. This issue affects Simple Post Meta Manager: from n/a through 1.0.9.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32555
WordPress SEO, Nutrition and Print for Recipes by Edamam plugin <= 3.3 - CSRF to Cross-Site Scripting vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Edamam SEO, Nutrition and Print for Recipes by Edamam allows Stored XSS. This issue affects SEO, Nutrition and Print for Recipes by Edamam: from n/a through 3.3.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32550
WordPress Click & Pledge Connect Plugin Plugin <= 2.24080000-WP6.6.1 - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect Plugin allows SQL Injection. This issue affects Click & Pledge Connect Plugin: from 2.24080000 through WP6.6.1.

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32547
WordPress All push notification for WP Plugin <= 1.5.3 - CSRF to SQL Injection vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP allows Blind SQL Injection. This issue affects All push notification for WP: from n/a through 1.5.3.

CVSS: HIGH (8.2)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32543
WordPress Canonical Attachments Plugin <= 1.7 - Stored Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hivedigital Canonical Attachments allows Reflected XSS. This issue affects Canonical Attachments: from n/a through 1.7.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
April 9th, 2025 (12 days ago)