Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-49272	WordPress Trinity Audio <= 5.20.0 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in sergiotrinity Trinity Audio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trinity Audio: from n/a through 5.20.0. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 18 hours ago)
CVE-2025-49270	WordPress WP-CRM System <= 3.4.2 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in Mario Peshev WP-CRM System allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-CRM System: from n/a through 3.4.2. CVSS: MEDIUM (5.3) Source: CVE June 6th, 2025 (about 18 hours ago)
CVE-2025-49269	WordPress Market Exporter <= 2.0.22 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Anton Vanyukov Market Exporter allows Cross Site Request Forgery. This issue affects Market Exporter: from n/a through 2.0.22. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 18 hours ago)
CVE-2025-49268	WordPress Verge3D <= 4.9.4 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in Soft8Soft LLC Verge3D allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Verge3D: from n/a through 4.9.4. CVSS: MEDIUM (5.3) Source: CVE June 6th, 2025 (about 18 hours ago)
CVE-2025-49263	WordPress WC Vendors Marketplace <= 2.5.6 - SQL Injection Vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WCVendors WC Vendors Marketplace allows Blind SQL Injection. This issue affects WC Vendors Marketplace: from n/a through 2.5.6. CVSS: HIGH (7.6) Source: CVE June 6th, 2025 (about 18 hours ago)
CVE-2025-49262	WordPress Sina Extension for Elementor <= 3.6.1 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shaonsina Sina Extension for Elementor allows Stored XSS. This issue affects Sina Extension for Elementor: from n/a through 3.6.1. CVSS: HIGH (7.6) Source: CVE June 6th, 2025 (about 18 hours ago)
CVE-2025-49250	WordPress Team Showcase plugin < 25.05.13 - Arbitrary Shortcode Execution vulnerability Description: Improper Control of Generation of Code ('Code Injection') vulnerability in cmoreira Team Showcase allows Code Injection. This issue affects Team Showcase: from n/a through n/a. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 18 hours ago)
CVE-2025-49248	WordPress Team Showcase < 25.05.13 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in cmoreira Team Showcase allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team Showcase: from n/a through n/a. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 18 hours ago)
CVE-2025-49246	WordPress Testimonials Showcase <= 1.9.16 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in cmoreira Testimonials Showcase allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Testimonials Showcase: from n/a through 1.9.16. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 18 hours ago)
CVE-2025-49244	WordPress Shortcodes Ultimate <= 7.3.5 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vova Shortcodes Ultimate allows Stored XSS. This issue affects Shortcodes Ultimate: from n/a through 7.3.5. CVSS: MEDIUM (6.5) Source: CVE June 6th, 2025 (about 18 hours ago)