Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-49292	WordPress Profile Builder <= 3.13.8 - Content Spoofing Vulnerability Description: Improper Validation of Specified Quantity in Input vulnerability in Cozmoslabs Profile Builder allows Phishing. This issue affects Profile Builder: from n/a through 3.13.8. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 18 hours ago)
CVE-2025-49291	WordPress Calculated Fields Form <= 5.3.58 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in codepeople Calculated Fields Form allows Cross Site Request Forgery. This issue affects Calculated Fields Form: from n/a through 5.3.58. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 18 hours ago)
CVE-2025-49289	WordPress PDF for WPForms <= 5.5.0 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in add-ons.org PDF for WPForms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for WPForms: from n/a through 5.5.0. CVSS: MEDIUM (5.0) Source: CVE June 6th, 2025 (about 18 hours ago)
CVE-2025-49288	WordPress Ultimate WP Mail <= 1.3.5 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in Rustaurius Ultimate WP Mail allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate WP Mail: from n/a through 1.3.5. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 18 hours ago)
CVE-2025-49287	WordPress Product Feed for WooCommerce <= 2.2.8 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in WebToffee Product Feed for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Feed for WooCommerce: from n/a through 2.2.8. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 18 hours ago)
CVE-2025-49286	WordPress WP Table Builder <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in WP Table Builder WP Table Builder allows Cross Site Request Forgery. This issue affects WP Table Builder: from n/a through 2.0.6. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 18 hours ago)
CVE-2025-49285	WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent <= 3.8.0 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent allows Cross Site Request Forgery. This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through 3.8.0. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 18 hours ago)
CVE-2025-49284	WordPress WP Maintenance Mode & Site Under Construction <= 4.3 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Maintenance Mode & Site Under Construction allows Cross Site Request Forgery. This issue affects WP Maintenance Mode & Site Under Construction: from n/a through 4.3. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 18 hours ago)
CVE-2025-49283	WordPress Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant <= 4.1.1 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Matthias Nordwig Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant allows Cross Site Request Forgery. This issue affects Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant: from n/a through 4.1.1. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 18 hours ago)
CVE-2025-49273	WordPress WP Tools <= 5.24 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi WP Tools allows Cross Site Request Forgery. This issue affects WP Tools: from n/a through 5.24. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 18 hours ago)