Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-31032
WordPress Pagopar – WooCommerce Gateway plugin <= 2.7.1 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Pagopar - Grupo M S.A. Pagopar – WooCommerce Gateway allows Stored XSS. This issue affects Pagopar – WooCommerce Gateway: from n/a through 2.7.1.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-31026
WordPress Comment Validation Reloaded plugin <= 0.5 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Austin Comment Validation Reloaded allows Stored XSS. This issue affects Comment Validation Reloaded: from n/a through 0.5.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-31023
WordPress Seo Meta Tags plugin <= 1.4 - CSRF to Privilege Escalation vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Purab Seo Meta Tags allows Cross Site Request Forgery. This issue affects Seo Meta Tags: from n/a through 1.4.

CVSS: HIGH (8.8)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-31020
WordPress Simple Spoiler <= 1.4 - Cross Site Scripting (XSS) Vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webliberty Simple Spoiler allows Stored XSS. This issue affects Simple Spoiler: from n/a through 1.4.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-31017
WordPress Nav Menu Manager <= 3.2.5 - Cross Site Scripting (XSS) Vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Noakes Nav Menu Manager allows Stored XSS. This issue affects Nav Menu Manager: from n/a through 3.2.5.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-31012
WordPress Age Gate <= 3.5.4 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in Phil Age Gate allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Age Gate: from n/a through 3.5.4.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-31009
WordPress IndieBlocks <= 0.13.1 - Server Side Request Forgery (SSRF) Vulnerability
Description: Server-Side Request Forgery (SSRF) vulnerability in Jan Boddez IndieBlocks allows Server Side Request Forgery. This issue affects IndieBlocks: from n/a through 0.13.1.

CVSS: MEDIUM (5.4)

EPSS Score: 0.03%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-31008
WordPress YouTube Embed <= 5.3.1 - Cross Site Scripting (XSS) Vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YouTube Embed Plugin Support YouTube Embed allows Stored XSS. This issue affects YouTube Embed: from n/a through 5.3.1.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-31005
WordPress Easyfonts plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Uzair Easyfonts allows Cross Site Request Forgery. This issue affects Easyfonts: from n/a through 1.1.2.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (12 days ago)

CVE-2025-31004
WordPress Rich Table of Contents plugin <= 1.4.0 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Croover.inc Rich Table of Contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rich Table of Contents: from n/a through 1.4.0.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE
April 9th, 2025 (12 days ago)