Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-22678
WordPress my white theme <= 2.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mythemes my white allows Reflected XSS.This issue affects my white: from n/a through 2.0.8.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2024-33939
WordPress LMS by Masteriyo plugin <= 1.7.3 - Broken Authentication vulnerability
Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
May 19th, 2025 (21 days ago)
Alleged Sale of Unauthorized Admin Access to a UK WordPress Gambling Platform
Description: Alleged Sale of Unauthorized Admin Access to a UK WordPress Gambling Platform
Source: DarkWebInformer
May 19th, 2025 (21 days ago)

CVE-2025-48346
WordPress Embed and Integrate Etsy Shop <= 1.0.4 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in Etsy360 Embed and Integrate Etsy Shop allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Embed and Integrate Etsy Shop: from n/a through 1.0.4.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-48344
WordPress Rootspersona <= 3.7.5 - Cross Site Request Forgery (CSRF) Vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in ed4becky Rootspersona allows Cross Site Request Forgery. This issue affects Rootspersona: from n/a through 3.7.5.

CVSS: MEDIUM (5.4)

EPSS Score: 0.02%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-48342
WordPress Dynamic Pricing & Discounts Lite for WooCommerce <= 2.0.3 - Cross Site Request Forgery (CSRF) Vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in RedefiningTheWeb Dynamic Pricing & Discounts Lite for WooCommerce allows Cross Site Request Forgery. This issue affects Dynamic Pricing & Discounts Lite for WooCommerce: from n/a through 2.0.3.

CVSS: MEDIUM (5.4)

EPSS Score: 0.02%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-48341
WordPress Form Maker by 10Web <= 1.15.33 - Cross Site Scripting (XSS) Vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Maker by 10Web allows Stored XSS. This issue affects Form Maker by 10Web: from n/a through 1.15.33.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-48288
WordPress ElementInvader Addons for Elementor <= 1.3.5 - Cross Site Scripting (XSS) Vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.5.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-48285
WordPress Falang multilanguage <= 1.3.61 - Cross Site Request Forgery (CSRF) Vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in sbouey Falang multilanguage allows Cross Site Request Forgery. This issue affects Falang multilanguage: from n/a through 1.3.61.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
May 19th, 2025 (21 days ago)

CVE-2025-48284
WordPress Japanized For WooCommerce <= 2.6.40 - Cross Site Request Forgery (CSRF) Vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in shohei.tanaka Japanized For WooCommerce allows Cross Site Request Forgery. This issue affects Japanized For WooCommerce: from n/a through 2.6.40.

CVSS: MEDIUM (5.4)

EPSS Score: 0.02%

Source: CVE
May 19th, 2025 (21 days ago)