Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-39445
WordPress Super Store Finder <= 7.2 - SQL Injection Vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a through 7.2.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-27010
WordPress Tastyc < 2.5.2 - Local File Inclusion Vulnerability
Description: Path Traversal: '.../...//' vulnerability in bslthemes Tastyc allows PHP Local File Inclusion.This issue affects Tastyc: from n/a before 2.5.2.

CVSS: HIGH (8.1)

EPSS Score: 0.06%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-26997
WordPress Wireless Butler plugin <= 1.0.11 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in validas Wireless Butler allows Reflected XSS.This issue affects Wireless Butler: from n/a through 1.0.11.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-26892
WordPress Celestial Aura plugin <= 2.2 - Arbitrary File Upload vulnerability
Description: Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura allows Using Malicious Files.This issue affects Celestial Aura: from n/a through 2.2.

CVSS: CRITICAL (9.9)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-26872
WordPress Eximius theme <= 2.2 - Arbitrary File Upload vulnerability
Description: Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius allows Using Malicious Files.This issue affects Eximius: from n/a through 2.2.

CVSS: CRITICAL (9.9)

EPSS Score: 0.05%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-26735
WordPress Grip theme <= 1.0.9 - Local File Inclusion vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Candid themes Grip.This issue affects Grip: from n/a through 1.0.9.

CVSS: HIGH (7.5)

EPSS Score: 0.11%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-46543
WordPress Enhanced Paypal Shortcodes plugin <= 0.5a - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Charly Leetham Enhanced Paypal Shortcodes allows Stored XSS.This issue affects Enhanced Paypal Shortcodes: from n/a through 0.5a.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-46263
WordPress Author Box After Posts plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lloyd Saunders Author Box After Posts allows Stored XSS.This issue affects Author Box After Posts: from n/a through 1.6.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-46262
WordPress Mad Mimi for WordPress plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz Mad Mimi for WordPress allows Stored XSS.This issue affects Mad Mimi for WordPress: from n/a through 1.5.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-43841
WordPress WP Vegas plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jamesdbruner WP Vegas allows Stored XSS.This issue affects WP Vegas: from n/a through 2.2.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 19th, 2025 (21 days ago)