"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 272
Critical: 26
High: 83
Medium: 161
Showing 41-60 of 272 records
Threat Entry Updated 2026-01-20

CVE-2025-68974 - WordPress Core

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion. This issue affects WordPress Social Login and Register: from n/a through

CORE WordPress Core

CVE-2025-68974

CRITICAL CVSS 9.8 2025-12-30
Threat Entry Updated 2026-01-20

CVE-2025-68893 - WordPress Core

Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker allows Server Side Request Forgery. This issue affects WordPress Image shrinker: from n/a through 1.1.0.

CORE WordPress Core

CVE-2025-68893

MEDIUM CVSS 4.9 2025-12-29
Threat Entry Updated 2026-01-20

CVE-2025-68597 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Stored XSS. This issue affects Jobs for WordPress: from n/a through

CORE WordPress Core

CVE-2025-68597

MEDIUM CVSS 5.4 2025-12-24
Threat Entry Updated 2026-01-20

CVE-2025-64273 - WordPress Core

Missing Authorization vulnerability in GetResponse Email marketing for WordPress by GetResponse Official getresponse-official allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Email marketing for WordPress by GetResponse Official: from n/a through

CORE WordPress Core

CVE-2025-64273

HIGH CVSS 7.5 2025-12-18
Threat Entry Updated 2026-01-20

CVE-2025-64272 - WordPress Core

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in GetResponse Email marketing for WordPress by GetResponse Official getresponse-official allows Retrieve Embedded Sensitive Data. This issue affects Email marketing for WordPress by GetResponse Official: from n/a through

CORE WordPress Core

CVE-2025-64272

MEDIUM CVSS 6.5 2025-12-18
Threat Entry Updated 2026-01-20

CVE-2025-64253 - WordPress Core

Path Traversal: '.../...//' vulnerability in WordPress.org Health Check & Troubleshooting health-check allows Path Traversal. This issue affects Health Check & Troubleshooting: from n/a through

CORE WordPress Core

CVE-2025-64253

MEDIUM CVSS 4.9 2025-12-16
Threat Entry Updated 2026-01-20

CVE-2025-67535 - WordPress Core

Deserialization of Untrusted Data vulnerability in WePlugins - WordPress Development Company WP Maps wp-google-map-plugin allows Object Injection. This issue affects WP Maps: from n/a through

CORE WordPress Core

CVE-2025-67535

MEDIUM CVSS 6.5 2025-12-09
Threat Entry Updated 2026-01-20

CVE-2025-67516 - WordPress Core

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows Blind SQL Injection. This issue affects Store Locator WordPress: from n/a through

CORE WordPress Core

CVE-2025-67516

CRITICAL CVSS 9.8 2025-12-09
Threat Entry Updated 2026-01-20

CVE-2025-64259 - WordPress Core

Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theater for WordPress: from n/a through

CORE WordPress Core

CVE-2025-64259

MEDIUM CVSS 6.5 2025-11-13
Threat Entry Updated 2026-01-20

CVE-2025-48089 - WordPress Core

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy histudy allows SQL Injection. This issue affects Education WordPress Theme | HiStudy: from n/a through < 3.1.0.

CORE WordPress Core

CVE-2025-48089

CRITICAL CVSS 9.8 2025-11-06
Threat Entry Updated 2026-01-20

CVE-2025-22288 - WordPress Core

Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal. This issue affects Smush Image Compression and Optimization: from n/a through

CORE WordPress Core

CVE-2025-22288

MEDIUM CVSS 4.1 2025-11-06
Threat Entry Updated 2025-11-06

CVE-2025-8871 - WordPress Core

The Everest Forms (Pro) plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mime_content_type() function. This makes it possible for unauthenticated attackers to inject a PHP Object. This vulnerability may be exploited by unauthenticated attackers when a form is present on the site with a non-required signature form field along with an image upload field. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin…

CORE WordPress Core

CVE-2025-8871

MEDIUM CVSS 5.6 2025-11-05
Threat Entry Updated 2026-01-20

CVE-2025-62987 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Stored XSS. This issue affects Builderall Builder for WordPress: from n/a through

CORE WordPress Core

CVE-2025-62987

MEDIUM CVSS 6.5 2025-10-27
Threat Entry Updated 2026-01-20

CVE-2025-62048 - WordPress Core

Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform SmartCrawl smartcrawl-seo. This issue affects SmartCrawl: from n/a through

CORE WordPress Core

CVE-2025-62048

MEDIUM CVSS 5.4 2025-10-22
Threat Entry Updated 2026-01-20

CVE-2025-49953 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeinity ShareBang, Ultimate Social Share Buttons for WordPress sharebang allows Reflected XSS. This issue affects ShareBang, Ultimate Social Share Buttons for WordPress: from n/a through

CORE WordPress Core

CVE-2025-49953

HIGH CVSS 7.1 2025-10-22
Threat Entry Updated 2025-10-21

CVE-2025-11703 - WordPress Core

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 9.0.48. This is due to the plugin not serving cached data from server-side responses and instead relying on user-input. This makes it possible for unauthenticated attackers to poison the cache location for location search results.

CORE WordPress Core

CVE-2025-11703

MEDIUM CVSS 5.3 2025-10-18
Threat Entry Updated 2025-10-21

CVE-2025-11372 - WordPress Core

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permission_callback set to __return_true. This makes it possible for unauthenticated attackers to perform destructive database operations including dropping indexes on any table (including WordPress core tables like wp_options), creating duplicate configuration entries, and degrading site performance via the /wp-json/lp/v1/admin/tools/create-indexs endpoint granted they can provide table names.

CORE WordPress Core

CVE-2025-11372

MEDIUM CVSS 6.5 2025-10-18
Threat Entry Updated 2025-09-26

CVE-2025-60156 - WordPress Core

Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress allows Upload a Web Shell to a Web Server. This issue affects AR For WordPress: from n/a through 7.98.

CORE WordPress Core

CVE-2025-60156

CRITICAL CVSS 9.6 2025-09-26
Threat Entry Updated 2025-10-01

CVE-2025-58674 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress allows Stored XSS. WordPress core security team is aware of the issue and working on a fix. This is a low severity vulnerability that requires an attacker to have Author or higher user privileges to execute the attack vector. This issue affects WordPress: from 6.8 through 6.8.2, from 6.7 through 6.7.3, from 6.6 through 6.6.3, from 6.5 through 6.5.6, from 6.4 through 6.4.6, from 6.3 through 6.3.6, from 6.2 through 6.2.7, from 6.1 through 6.1.8, from 6.0 through 6.0.10,…

CORE WordPress Core

CVE-2025-58674

MEDIUM CVSS 5.9 2025-09-23
Threat Entry Updated 2025-10-01

CVE-2025-58246 - WordPress Core

Insertion of Sensitive Information Into Sent Data vulnerability in WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is already working on a fix. This is a low-severity vulnerability. Contributor-level privileges required in order to exploit it. This issue affects WordPress: from 6.8 through 6.8.2, from 6.7 through 6.7.3, from 6.6 through 6.6.3, from 6.5 through 6.5.6, from 6.4 through 6.4.6, from 6.3 through 6.3.6, from 6.2 through 6.2.7, from 6.1 through 6.1.8, from 6.0 through 6.0.10, from 5.9 through 5.9.11, from…

CORE WordPress Core

CVE-2025-58246

MEDIUM CVSS 4.3 2025-09-23