"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 279
Critical: 29
High: 85
Medium: 163
Showing 21-40 of 279 records
Threat Entry Updated 2026-04-28

CVE-2026-22383 - WordPress Core

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through

CORE WordPress Core

CVE-2026-22383

HIGH CVSS 7.5 2026-02-20
Threat Entry Updated 2026-02-25

CVE-2025-68837 - WordPress Core

Missing Authorization vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from n/a through

CORE WordPress Core

CVE-2025-68837

MEDIUM CVSS 6.5 2026-02-20
Threat Entry Updated 2026-02-25

CVE-2025-68028 - WordPress Core

Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GA4WP: Google Analytics for WordPress: from n/a through

CORE WordPress Core

CVE-2025-68028

MEDIUM CVSS 6.5 2026-02-20
Threat Entry Updated 2026-04-15

CVE-2026-27052 - WordPress Core

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion. This issue affects Sales Countdown Timer for WooCommerce and WordPress: from n/a through < 1.1.9.

CORE WordPress Core

CVE-2026-27052

HIGH CVSS 7.5 2026-02-19
Threat Entry Updated 2026-04-28

CVE-2026-25392 - WordPress Core

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress update-urls allows Phishing. This issue affects Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress: from n/a through

CORE WordPress Core

CVE-2026-25392

MEDIUM CVSS 4.7 2026-02-19
Threat Entry Updated 2026-04-15

CVE-2026-25325 - WordPress Core

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Data. This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through

CORE WordPress Core

CVE-2026-25325

MEDIUM CVSS 5.3 2026-02-19
Threat Entry Updated 2026-04-15

CVE-2026-25315 - WordPress Core

Improperly implemented security check vulnerability in KAGG hCaptcha for WP allows CAPTCHA Functionality Bypass. This issue affects hCaptcha for WP: from n/a through 4.21.1. The vulnerability is limited to the CAPTCHA mechanism intended to protect a publicly accessible form from automated abuse. It does not impact WordPress-level authentication or authorization controls.

CORE WordPress Core

CVE-2026-25315

MEDIUM CVSS 5.3 2026-02-19
Threat Entry Updated 2026-02-11

CVE-2025-15096 - WordPress Core

The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary users' email addresses, including administrators', and leverage that to reset the user's password and gain access to their account.

CORE WordPress Core

CVE-2025-15096

HIGH CVSS 8.8 2026-02-11
Threat Entry Updated 2026-04-15

CVE-2026-24998 - WordPress Core

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data. This issue affects Hustle: from n/a through

CORE WordPress Core

CVE-2026-24998

MEDIUM CVSS 5.3 2026-02-03
Threat Entry Updated 2026-04-28

CVE-2026-24627 - WordPress Core

Missing Authorization vulnerability in Trusona Trusona for WordPress trusona allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trusona for WordPress: from n/a through

CORE WordPress Core

CVE-2026-24627

MEDIUM CVSS 4.3 2026-01-23
Threat Entry Updated 2026-04-15

CVE-2026-24593 - WordPress Core

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data. This issue affects AWP Classifieds: from n/a through

CORE WordPress Core

CVE-2026-24593

MEDIUM CVSS 5.3 2026-01-23
Threat Entry Updated 2026-04-15

CVE-2026-22358 - WordPress Core

Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery. This issue affects Electrician - Electrical Service WordPress: from n/a through

CORE WordPress Core

CVE-2026-22358

MEDIUM CVSS 5.4 2026-01-22
Threat Entry Updated 2026-04-28

CVE-2026-22359 - WordPress Core

Cross-Site Request Forgery (CSRF) vulnerability in AA-Team Wordpress Movies Bulk Importer movies importer allows Cross Site Request Forgery. This issue affects Wordpress Movies Bulk Importer: from n/a through

CORE WordPress Core

CVE-2026-22359

MEDIUM CVSS 4.3 2026-01-22
Threat Entry Updated 2026-01-26

CVE-2025-53240 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in adamlabs WordPress Photo Gallery photo-gallery-portfolio allows Reflected XSS. This issue affects WordPress Photo Gallery: from n/a through

CORE WordPress Core

CVE-2025-53240

MEDIUM CVSS 6.1 2026-01-22
Threat Entry Updated 2026-01-26

CVE-2025-49043 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress magic_carousel allows Reflected XSS. This issue affects Magic Responsive Slider and Carousel WordPress: from n/a through

CORE WordPress Core

CVE-2025-49043

MEDIUM CVSS 6.1 2026-01-22
Threat Entry Updated 2026-01-14

CVE-2025-9427 - WordPress Core

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lemonsoft WordPress add on allows Cross-Site Scripting (XSS). This issue affects WordPress add on: 2025.7.1.

CORE WordPress Core

CVE-2025-9427

HIGH CVSS 8.4 2026-01-13
Threat Entry Updated 2026-01-20

CVE-2025-68887 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Reflected XSS. This issue affects WP-BusinessDirectory: from n/a through

CORE WordPress Core

CVE-2025-68887

HIGH CVSS 7.1 2026-01-08
Threat Entry Updated 2026-01-20

CVE-2025-27004 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Famous - Responsive Image And Video Grid Gallery WordPress Plugin famous_grid_image_and_video_gallery allows Reflected XSS. This issue affects Famous - Responsive Image And Video Grid Gallery WordPress Plugin: from n/a through

CORE WordPress Core

CVE-2025-27004

MEDIUM CVSS 6.1 2026-01-08
Threat Entry Updated 2026-01-08

CVE-2025-29004 - WordPress Core

Incorrect Privilege Assignment vulnerability in AA-Team Premium Age Verification / Restriction for WordPress, AA-Team Responsive Coming Soon Landing Page / Holding Page for WordPress allows Privilege Escalation. This issue affects Premium Age Verification / Restriction for WordPress: from n/a through 3.0.2; Responsive Coming Soon Landing Page / Holding Page for WordPress: from n/a through 3.0.

CORE WordPress Core

CVE-2025-29004

HIGH CVSS 8.8 2026-01-06