Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-06-06
CVE-2025-49419 - WordPress Core
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress allows Retrieve Embedded Sensitive Data. This issue affects Foxit eSign for WordPress: from n/a through 2.0.3.
CORE
WordPress Core
CVE-2025-49419
Risk Score
Threat Entry
Updated 2025-06-06
CVE-2025-49328 - WordPress Core
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress allows SQL Injection. This issue affects Store Locator WordPress: from n/a through 1.5.1.
CORE
WordPress Core
CVE-2025-49328
Risk Score
Threat Entry
Updated 2025-06-06
CVE-2025-49329 - WordPress Core
Unrestricted Upload of File with Dangerous Type vulnerability in Agile Logix Store Locator WordPress allows Upload a Web Shell to a Web Server. This issue affects Store Locator WordPress: from n/a through 1.5.2.
CORE
WordPress Core
CVE-2025-49329
Risk Score
Threat Entry
Updated 2025-06-06
CVE-2025-30938 - WordPress Core
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in broadly Broadly for WordPress allows Stored XSS. This issue affects Broadly for WordPress: from n/a through 3.0.2.
CORE
WordPress Core
CVE-2025-30938
Risk Score
Threat Entry
Updated 2025-06-06
CVE-2025-28948 - WordPress Core
Cross-Site Request Forgery (CSRF) vulnerability in codedraft Mediabay - WordPress Media Library Folders allows Reflected XSS. This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4.
CORE
WordPress Core
CVE-2025-28948
Risk Score
Threat Entry
Updated 2025-05-28
CVE-2025-3704 - WordPress Core
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DBAR Productions Volunteer Sign Up Sheets allows Stored XSS.This issue affects Volunteer Sign Up Sheets: from n/a before 5.5.5. The patch is available exclusively on GitHub at https://github.com/dbarproductions/pta-volunteer-sign-up-sheets , as the vendor encounters difficulties using SVN to deploy to the WordPress.org repository.
CORE
WordPress Core
CVE-2025-3704
Risk Score
Threat Entry
Updated 2025-05-23
CVE-2025-47670 - WordPress Core
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register allows PHP Local File Inclusion. This issue affects WordPress Social Login and Register: from n/a through 7.6.10.
CORE
WordPress Core
CVE-2025-47670
Risk Score
Threat Entry
Updated 2025-05-23
CVE-2025-32292 - WordPress Core
Deserialization of Untrusted Data vulnerability in AncoraThemes Jarvis – Night Club, Concert, Festival WordPress allows Object Injection. This issue affects Jarvis – Night Club, Concert, Festival WordPress: from n/a through 1.8.11.
CORE
WordPress Core
CVE-2025-32292
Risk Score
Threat Entry
Updated 2025-05-23
CVE-2025-31914 - WordPress Core
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder allows Blind SQL Injection. This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through 1.0.2.
CORE
WordPress Core
CVE-2025-31914
Risk Score
Threat Entry
Updated 2025-05-21
CVE-2025-39372 - WordPress Core
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elbisnero WordPress Events Calendar Registration & Tickets allows Reflected XSS.This issue affects WordPress Events Calendar Registration & Tickets: from n/a through 2.6.0.
CORE
WordPress Core
CVE-2025-39372
Risk Score
Threat Entry
Updated 2025-05-21
CVE-2025-47581 - WordPress Core
Deserialization of Untrusted Data vulnerability in Elbisnero WordPress Events Calendar Registration & Tickets allows Object Injection.This issue affects WordPress Events Calendar Registration & Tickets: from n/a through 2.6.0.
CORE
WordPress Core
CVE-2025-47581
Risk Score
Threat Entry
Updated 2025-05-21
CVE-2025-39409 - WordPress Core
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pressaholic WordPress Video Robot - The Ultimate Video Importer.This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through 1.20.0.
CORE
WordPress Core
CVE-2025-39409
Risk Score
Threat Entry
Updated 2025-05-21
CVE-2025-47582 - WordPress Core
Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot allows Object Injection.This issue affects WPBot Pro Wordpress Chatbot: from n/a through 12.7.0.
CORE
WordPress Core
CVE-2025-47582
Risk Score
Threat Entry
Updated 2025-05-21
CVE-2025-46262 - WordPress Core
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz Mad Mimi for WordPress allows Stored XSS.This issue affects Mad Mimi for WordPress: from n/a through 1.5.1.
CORE
WordPress Core
CVE-2025-46262
Risk Score
Threat Entry
Updated 2025-05-21
CVE-2025-39376 - WordPress Core
Missing Authorization vulnerability in QuanticaLabs Car Park Booking System for WordPress.This issue affects Car Park Booking System for WordPress: from n/a through 2.6.
CORE
WordPress Core
CVE-2025-39376
Risk Score
Threat Entry
Updated 2025-05-19
CVE-2025-47556 - WordPress Core
Missing Authorization vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CSS3 Compare Pricing Tables for WordPress: from n/a through 11.5.
CORE
WordPress Core
CVE-2025-47556
Risk Score
Threat Entry
Updated 2025-05-19
CVE-2025-47534 - WordPress Core
Missing Authorization vulnerability in ValvePress Wordpress Auto Spinner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wordpress Auto Spinner: from n/a through 3.25.0.
CORE
WordPress Core
CVE-2025-47534
Risk Score
Threat Entry
Updated 2025-05-19
CVE-2025-31922 - WordPress Core
Cross-Site Request Forgery (CSRF) vulnerability in QuanticaLabs CSS3 Accordions for WordPress allows Stored XSS. This issue affects CSS3 Accordions for WordPress: from n/a through 3.0.
CORE
WordPress Core
CVE-2025-31922
Risk Score
Threat Entry
Updated 2025-05-19
CVE-2025-31923 - WordPress Core
Missing Authorization vulnerability in QuanticaLabs CSS3 Accordions for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CSS3 Accordions for WordPress: from n/a through 3.0.
CORE
WordPress Core
CVE-2025-31923
Risk Score
Threat Entry
Updated 2025-05-19
CVE-2025-32180 - WordPress Core
Missing Authorization vulnerability in QuanticaLabs CSS3 Tooltips for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CSS3 Tooltips for WordPress: from n/a through 1.8.
CORE
WordPress Core
CVE-2025-32180
Risk Score