
"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 272
Critical: 26
High: 83
Medium: 161
Showing 21-40 of 272 records
Threat Entry Updated 2026-02-11

CVE-2025-15096 - WordPress Core

The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user's identity prior to updating their details, such as email. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary users' email addresses, including administrators', and leverage that to reset the user's password and gain access to their account.

CORE WordPress Core

CVE-2025-15096

HIGH CVSS 8.8 2026-02-11
Threat Entry Updated 2026-04-15

CVE-2026-24998 - WordPress Core

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data. This issue affects Hustle: from n/a through

CORE WordPress Core

CVE-2026-24998

MEDIUM CVSS 5.3 2026-02-03
Threat Entry Updated 2026-04-15

CVE-2026-24627 - WordPress Core

Missing Authorization vulnerability in Trusona Trusona for WordPress trusona allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trusona for WordPress: from n/a through

CORE WordPress Core

CVE-2026-24627

MEDIUM CVSS 4.3 2026-01-23
Threat Entry Updated 2026-01-26

CVE-2026-24593 - WordPress Core

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data. This issue affects AWP Classifieds: from n/a through

CORE WordPress Core

CVE-2026-24593

MEDIUM CVSS 5.3 2026-01-23
Threat Entry Updated 2026-04-15

CVE-2026-22358 - WordPress Core

Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery. This issue affects Electrician - Electrical Service WordPress: from n/a through

CORE WordPress Core

CVE-2026-22358

MEDIUM CVSS 5.4 2026-01-22
Threat Entry Updated 2026-04-15

CVE-2026-22359 - WordPress Core

Cross-Site Request Forgery (CSRF) vulnerability in AA-Team Wordpress Movies Bulk Importer movies importer allows Cross Site Request Forgery. This issue affects Wordpress Movies Bulk Importer: from n/a through

CORE WordPress Core

CVE-2026-22359

MEDIUM CVSS 4.3 2026-01-22
Threat Entry Updated 2026-01-26

CVE-2025-53240 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in adamlabs WordPress Photo Gallery photo-gallery-portfolio allows Reflected XSS. This issue affects WordPress Photo Gallery: from n/a through

CORE WordPress Core

CVE-2025-53240

MEDIUM CVSS 6.1 2026-01-22
Threat Entry Updated 2026-01-26

CVE-2025-49043 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress magic_carousel allows Reflected XSS. This issue affects Magic Responsive Slider and Carousel WordPress: from n/a through

CORE WordPress Core

CVE-2025-49043

MEDIUM CVSS 6.1 2026-01-22
Threat Entry Updated 2026-01-14

CVE-2025-9427 - WordPress Core

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lemonsoft WordPress add on allows Cross-Site Scripting (XSS). This issue affects WordPress add on: 2025.7.1.

CORE WordPress Core

CVE-2025-9427

HIGH CVSS 8.4 2026-01-13
Threat Entry Updated 2026-01-20

CVE-2025-68887 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Reflected XSS. This issue affects WP-BusinessDirectory: from n/a through

CORE WordPress Core

CVE-2025-68887

HIGH CVSS 7.1 2026-01-08
Threat Entry Updated 2026-01-20

CVE-2025-27004 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Famous - Responsive Image And Video Grid Gallery WordPress Plugin famous_grid_image_and_video_gallery allows Reflected XSS. This issue affects Famous - Responsive Image And Video Grid Gallery WordPress Plugin: from n/a through

CORE WordPress Core

CVE-2025-27004

MEDIUM CVSS 6.1 2026-01-08
Threat Entry Updated 2026-01-08

CVE-2025-29004 - WordPress Core

Incorrect Privilege Assignment vulnerability in AA-Team Premium Age Verification / Restriction for WordPress, AA-Team Responsive Coming Soon Landing Page / Holding Page for WordPress allows Privilege Escalation. This issue affects Premium Age Verification / Restriction for WordPress: from n/a through 3.0.2; Responsive Coming Soon Landing Page / Holding Page for WordPress: from n/a through 3.0.

CORE WordPress Core

CVE-2025-29004

HIGH CVSS 8.8 2026-01-06
Threat Entry Updated 2026-01-20

CVE-2025-69331 - WordPress Core

Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theater for WordPress: from n/a through

CORE WordPress Core

CVE-2025-69331

MEDIUM CVSS 4.3 2026-01-06
Threat Entry Updated 2026-01-20

CVE-2025-28949 - WordPress Core

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codedraft Mediabay - WordPress Media Library Folders allows Blind SQL Injection. This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4.

CORE WordPress Core

CVE-2025-28949

HIGH CVSS 8.5 2025-12-31
Threat Entry Updated 2026-01-20

CVE-2025-62083 - WordPress Core

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah BoomDevs WordPress Coming Soon Plugin allows Retrieve Embedded Sensitive Data. This issue affects BoomDevs WordPress Coming Soon Plugin: from n/a through 1.0.4.

CORE WordPress Core

CVE-2025-62083

MEDIUM CVSS 4.3 2025-12-31
Threat Entry Updated 2026-01-20

CVE-2025-63005 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomas WordPress Tooltips allows Stored XSS. This issue affects WordPress Tooltips: from n/a through 10.7.9.

CORE WordPress Core

CVE-2025-63005

MEDIUM CVSS 6.5 2025-12-31
Threat Entry Updated 2026-01-20

CVE-2025-52835 - WordPress Core

Cross-Site Request Forgery (CSRF) vulnerability in ConoHa by GMO WING WordPress Migrator allows Upload a Web Shell to a Web Server. This issue affects WING WordPress Migrator: from n/a through 1.1.9.

CORE WordPress Core

CVE-2025-52835

CRITICAL CVSS 9.6 2025-12-30
Threat Entry Updated 2026-01-20

CVE-2025-62746 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeFlavors Featured Video for WordPress & VideographyWP allows Stored XSS. This issue affects Featured Video for WordPress & VideographyWP: from n/a through 1.0.18.

CORE WordPress Core

CVE-2025-62746

MEDIUM CVSS 6.5 2025-12-30
Threat Entry Updated 2026-01-20

CVE-2025-69022 - WordPress Core

Missing Authorization vulnerability in Weblizar - WordPress Themes & Plugin HR Management Lite hr-management-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HR Management Lite: from n/a through

CORE WordPress Core

CVE-2025-69022

MEDIUM CVSS 5.4 2025-12-30