Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-32518
WordPress ALD Login Page plugin <= 1.1 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in hossainawlad ALD Login Page allows Stored XSS. This issue affects ALD Login Page: from n/a through 1.1.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32505
WordPress MultiMailer plugin <= 1.0.3 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in SCAND MultiMailer allows Stored XSS. This issue affects MultiMailer: from n/a through 1.0.3.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32503
WordPress Link Shield plugin <= 0.5.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Conti Link Shield allows Stored XSS. This issue affects Link Shield: from n/a through 0.5.4.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32502
WordPress ePaper Lister for Yumpu plugin <= 1.4.0 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in lemmentwickler ePaper Lister for Yumpu allows Stored XSS. This issue affects ePaper Lister for Yumpu: from n/a through 1.4.0.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32501
WordPress RentSyst plugin <= 2.0.72 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in dimafreund RentSyst allows Stored XSS. This issue affects RentSyst: from n/a through 2.0.72.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32500
WordPress Codescar Radio Widget plugin <= 0.4.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Sudavar Codescar Radio Widget allows Stored XSS. This issue affects Codescar Radio Widget: from n/a through 0.4.2.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32499
WordPress Logo Showcase Ultimate plugin <= 1.4.4 - Local File Inclusion vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Logo Showcase Ultimate allows PHP Local File Inclusion. This issue affects Logo Showcase Ultimate: from n/a through 1.4.4.

CVSS: MEDIUM (6.5)

EPSS Score: 0.05%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32498
WordPress VKontakte Cross-Post plugin <= 0.3.2 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in oleglark VKontakte Cross-Post allows Stored XSS. This issue affects VKontakte Cross-Post: from n/a through 0.3.2.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32497
WordPress Spoiler Block plugin <= 1.7 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in squiter Spoiler Block allows Stored XSS. This issue affects Spoiler Block: from n/a through 1.7.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-32496
WordPress Ultra Demo Importer plugin <= 1.0.5 - CSRF to RCE vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Uncodethemes Ultra Demo Importer allows Upload a Web Shell to a Web Server. This issue affects Ultra Demo Importer: from n/a through 1.0.5.

CVSS: CRITICAL (9.6)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)