
"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 272
Critical: 26
High: 83
Medium: 161
Showing 61-80 of 272 records
Threat Entry Updated 2025-09-22

CVE-2025-58669 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modern Minds Magento 2 WordPress Integration allows Stored XSS. This issue affects Magento 2 WordPress Integration: from n/a through 1.4.1.

CORE WordPress Core

CVE-2025-58669

MEDIUM CVSS 5.9 2025-09-22
Threat Entry Updated 2025-09-22

CVE-2025-58665 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tmontg1 Form Generator for WordPress allows Stored XSS. This issue affects Form Generator for WordPress: from n/a through 1.5.2.

CORE WordPress Core

CVE-2025-58665

MEDIUM CVSS 5.9 2025-09-22
Threat Entry Updated 2025-09-22

CVE-2025-58020 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress allows Stored XSS. This issue affects Theater for WordPress: from n/a through 0.18.8.

CORE WordPress Core

CVE-2025-58020

MEDIUM CVSS 6.5 2025-09-22
Threat Entry Updated 2025-09-22

CVE-2025-57989 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brajesh Singh WordPress Widgets Shortcode allows Stored XSS. This issue affects WordPress Widgets Shortcode: from n/a through 1.0.3.

CORE WordPress Core

CVE-2025-57989

MEDIUM CVSS 6.5 2025-09-22
Threat Entry Updated 2025-09-22

CVE-2025-57919 - WordPress Core

Deserialization of Untrusted Data vulnerability in ConveyThis Language Translate Widget for WordPress – ConveyThis allows Object Injection. This issue affects Language Translate Widget for WordPress – ConveyThis: from n/a through 264.

CORE WordPress Core

CVE-2025-57919

HIGH CVSS 7.2 2025-09-22
Threat Entry Updated 2025-09-11

CVE-2025-58978 - WordPress Core

Missing Authorization vulnerability in WP Swings PDF Generator for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Generator for WordPress: from n/a through 1.5.4.

CORE WordPress Core

CVE-2025-58978

MEDIUM CVSS 5.3 2025-09-09
Threat Entry Updated 2025-09-11

CVE-2025-48101 - WordPress Core

Deserialization of Untrusted Data vulnerability in webdevstudios Constant Contact for WordPress allows Object Injection. This issue affects Constant Contact for WordPress: from n/a through 4.1.1.

CORE WordPress Core

CVE-2025-48101

HIGH CVSS 8.8 2025-09-09
Threat Entry Updated 2025-09-05

CVE-2025-58862 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in George Sexton WordPress Events Calendar Plugin – connectDaily allows Stored XSS. This issue affects WordPress Events Calendar Plugin – connectDaily: from n/a through 1.5.3.

CORE WordPress Core

CVE-2025-58862

MEDIUM CVSS 6.5 2025-09-05
Threat Entry Updated 2025-09-05

CVE-2025-58850 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in marcshowpass Showpass WordPress Extension allows Stored XSS. This issue affects Showpass WordPress Extension: from n/a through 4.0.3.

CORE WordPress Core

CVE-2025-58850

MEDIUM CVSS 6.5 2025-09-05
Threat Entry Updated 2025-09-05

CVE-2025-58846 - WordPress Core

Cross-Site Request Forgery (CSRF) vulnerability in Dejan Markovic WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule allows Reflected XSS. This issue affects WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule: from n/a through 2020.1.0.

CORE WordPress Core

CVE-2025-58846

HIGH CVSS 7.1 2025-09-05
Threat Entry Updated 2025-09-05

CVE-2025-58806 - WordPress Core

Cross-Site Request Forgery (CSRF) vulnerability in imjoehaines WordPress Error Monitoring by Bugsnag allows Stored XSS. This issue affects WordPress Error Monitoring by Bugsnag: from n/a through 1.6.3.

CORE WordPress Core

CVE-2025-58806

HIGH CVSS 7.1 2025-09-05
Threat Entry Updated 2025-09-04

CVE-2025-58632 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dadevarzan Dadevarzan WordPress Common allows Stored XSS. This issue affects Dadevarzan WordPress Common: from n/a through 2.2.2.

CORE WordPress Core

CVE-2025-58632

MEDIUM CVSS 6.5 2025-09-03
Threat Entry Updated 2025-09-04

CVE-2025-58621 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amuse Labs PuzzleMe for WordPress allows Stored XSS. This issue affects PuzzleMe for WordPress: from n/a through 1.2.0.

CORE WordPress Core

CVE-2025-58621

MEDIUM CVSS 6.5 2025-09-03
Threat Entry Updated 2025-08-29

CVE-2025-48353 - WordPress Core

Cross-Site Request Forgery (CSRF) vulnerability in dactum Clickbank WordPress Plugin (Niche Storefront) allows Stored XSS. This issue affects Clickbank WordPress Plugin (Niche Storefront): from n/a through 1.3.5.

CORE WordPress Core

CVE-2025-48353

HIGH CVSS 7.1 2025-08-28
Threat Entry Updated 2025-08-29

CVE-2025-48347 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vincent Mimoun-Prat bxSlider integration for WordPress allows Stored XSS. This issue affects bxSlider integration for WordPress: from n/a through 1.7.2.

CORE WordPress Core

CVE-2025-48347

MEDIUM CVSS 6.5 2025-08-28
Threat Entry Updated 2025-08-29

CVE-2025-48315 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stanton119 WordPress HTML allows Stored XSS. This issue affects WordPress HTML: from n/a through 0.51.

CORE WordPress Core

CVE-2025-48315

MEDIUM CVSS 6.5 2025-08-28
Threat Entry Updated 2025-08-29

CVE-2025-0951 - WordPress Core

Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquid_reset_wordpress_before AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivate all of a site's plugins. While we escalated this to Envato after not being able to establish contact, it appears the developer added a nonce check; however, that is not sufficient protection, as the nonce is exposed to all users with access to the dashboard.

CORE WordPress Core

CVE-2025-0951

MEDIUM CVSS 4.3 2025-08-28
Threat Entry Updated 2025-08-22

CVE-2025-8607 - WordPress Core

The SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block's attributes in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CORE WordPress Core

CVE-2025-8607

MEDIUM CVSS 6.4 2025-08-21
Threat Entry Updated 2025-08-14

CVE-2025-52731 - WordPress Core

Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through 4.0.24.

CORE WordPress Core

CVE-2025-52731

HIGH CVSS 7.5 2025-08-14
Threat Entry Updated 2025-08-14

CVE-2025-52730 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Stored XSS. This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through 4.0.24.

CORE WordPress Core

CVE-2025-52730

MEDIUM CVSS 6.5 2025-08-14