"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 279
Critical: 29
High: 85
Medium: 163
Showing 41-60 of 279 records
Threat Entry Updated 2026-01-20

CVE-2025-69331 - WordPress Core

Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theater for WordPress: from n/a through

CORE WordPress Core

CVE-2025-69331

MEDIUM CVSS 4.3 2026-01-06
Threat Entry Updated 2026-01-20

CVE-2025-28949 - WordPress Core

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codedraft Mediabay - WordPress Media Library Folders allows Blind SQL Injection. This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4.

CORE WordPress Core

CVE-2025-28949

HIGH CVSS 8.5 2025-12-31
Threat Entry Updated 2026-01-20

CVE-2025-62083 - WordPress Core

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah BoomDevs WordPress Coming Soon Plugin allows Retrieve Embedded Sensitive Data. This issue affects BoomDevs WordPress Coming Soon Plugin: from n/a through 1.0.4.

CORE WordPress Core

CVE-2025-62083

MEDIUM CVSS 4.3 2025-12-31
Threat Entry Updated 2026-01-20

CVE-2025-63005 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomas WordPress Tooltips allows Stored XSS. This issue affects WordPress Tooltips: from n/a through 10.7.9.

CORE WordPress Core

CVE-2025-63005

MEDIUM CVSS 6.5 2025-12-31
Threat Entry Updated 2026-01-20

CVE-2025-52835 - WordPress Core

Cross-Site Request Forgery (CSRF) vulnerability in ConoHa by GMO WING WordPress Migrator allows Upload a Web Shell to a Web Server. This issue affects WING WordPress Migrator: from n/a through 1.1.9.

CORE WordPress Core

CVE-2025-52835

CRITICAL CVSS 9.6 2025-12-30
Threat Entry Updated 2026-01-20

CVE-2025-62746 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeFlavors Featured Video for WordPress & VideographyWP allows Stored XSS. This issue affects Featured Video for WordPress & VideographyWP: from n/a through 1.0.18.

CORE WordPress Core

CVE-2025-62746

MEDIUM CVSS 6.5 2025-12-30
Threat Entry Updated 2026-01-20

CVE-2025-69022 - WordPress Core

Missing Authorization vulnerability in Weblizar - WordPress Themes & Plugin HR Management Lite hr-management-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HR Management Lite: from n/a through

CORE WordPress Core

CVE-2025-69022

MEDIUM CVSS 5.4 2025-12-30
Threat Entry Updated 2026-01-20

CVE-2025-68974 - WordPress Core

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion. This issue affects WordPress Social Login and Register: from n/a through

CORE WordPress Core

CVE-2025-68974

CRITICAL CVSS 9.8 2025-12-30
Threat Entry Updated 2026-01-20

CVE-2025-68893 - WordPress Core

Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker allows Server Side Request Forgery. This issue affects WordPress Image shrinker: from n/a through 1.1.0.

CORE WordPress Core

CVE-2025-68893

MEDIUM CVSS 4.9 2025-12-29
Threat Entry Updated 2026-01-20

CVE-2025-68597 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Stored XSS. This issue affects Jobs for WordPress: from n/a through

CORE WordPress Core

CVE-2025-68597

MEDIUM CVSS 5.4 2025-12-24
Threat Entry Updated 2026-01-20

CVE-2025-64273 - WordPress Core

Missing Authorization vulnerability in GetResponse Email marketing for WordPress by GetResponse Official getresponse-official allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Email marketing for WordPress by GetResponse Official: from n/a through

CORE WordPress Core

CVE-2025-64273

HIGH CVSS 7.5 2025-12-18
Threat Entry Updated 2026-01-20

CVE-2025-64272 - WordPress Core

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in GetResponse Email marketing for WordPress by GetResponse Official getresponse-official allows Retrieve Embedded Sensitive Data. This issue affects Email marketing for WordPress by GetResponse Official: from n/a through

CORE WordPress Core

CVE-2025-64272

MEDIUM CVSS 6.5 2025-12-18
Threat Entry Updated 2026-01-20

CVE-2025-64253 - WordPress Core

Path Traversal: '.../...//' vulnerability in WordPress.org Health Check & Troubleshooting health-check allows Path Traversal. This issue affects Health Check & Troubleshooting: from n/a through

CORE WordPress Core

CVE-2025-64253

MEDIUM CVSS 4.9 2025-12-16
Threat Entry Updated 2026-01-20

CVE-2025-67535 - WordPress Core

Deserialization of Untrusted Data vulnerability in WePlugins - WordPress Development Company WP Maps wp-google-map-plugin allows Object Injection. This issue affects WP Maps: from n/a through

CORE WordPress Core

CVE-2025-67535

MEDIUM CVSS 6.5 2025-12-09
Threat Entry Updated 2026-01-20

CVE-2025-67516 - WordPress Core

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows Blind SQL Injection. This issue affects Store Locator WordPress: from n/a through

CORE WordPress Core

CVE-2025-67516

CRITICAL CVSS 9.8 2025-12-09
Threat Entry Updated 2026-01-20

CVE-2025-64259 - WordPress Core

Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theater for WordPress: from n/a through

CORE WordPress Core

CVE-2025-64259

MEDIUM CVSS 6.5 2025-11-13
Threat Entry Updated 2026-01-20

CVE-2025-48089 - WordPress Core

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy histudy allows SQL Injection. This issue affects Education WordPress Theme | HiStudy: from n/a through < 3.1.0.

CORE WordPress Core

CVE-2025-48089

CRITICAL CVSS 9.8 2025-11-06
Threat Entry Updated 2026-01-20

CVE-2025-22288 - WordPress Core

Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal. This issue affects Smush Image Compression and Optimization: from n/a through

CORE WordPress Core

CVE-2025-22288

MEDIUM CVSS 4.1 2025-11-06
Threat Entry Updated 2025-11-06

CVE-2025-8871 - WordPress Core

The Everest Forms (Pro) plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mime_content_type() function. This makes it possible for unauthenticated attackers to inject a PHP Object. This vulnerability may be exploited by unauthenticated attackers when a form is present on the site with a non-required signature form field along with an image upload field. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin…

CORE WordPress Core

CVE-2025-8871

MEDIUM CVSS 5.6 2025-11-05
Threat Entry Updated 2026-01-20

CVE-2025-62987 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Stored XSS. This issue affects Builderall Builder for WordPress: from n/a through

CORE WordPress Core

CVE-2025-62987

MEDIUM CVSS 6.5 2025-10-27