Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-05-19
CVE-2025-31640 - WordPress Core
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress allows SQL Injection. This issue affects Magic Responsive Slider and Carousel WordPress: from n/a through 1.4.
CORE
WordPress Core
CVE-2025-31640
Risk Score
Threat Entry
Updated 2025-05-19
CVE-2025-31915 - WordPress Core
Cross-Site Request Forgery (CSRF) vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder allows Cross Site Request Forgery. This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through 1.0.2.
CORE
WordPress Core
CVE-2025-31915
Risk Score
Threat Entry
Updated 2025-04-29
CVE-2025-46533 - WordPress Core
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdrift.no Landing pages and Domain aliases for WordPress allows Stored XSS. This issue affects Landing pages and Domain aliases for WordPress: from n/a through 0.8.
CORE
WordPress Core
CVE-2025-46533
Risk Score
Threat Entry
Updated 2025-04-30
CVE-2024-11299 - WordPress Core
The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
CORE
WordPress Core
CVE-2024-11299
Risk Score
Threat Entry
Updated 2025-04-17
CVE-2025-39417 - WordPress Core
Cross-Site Request Forgery (CSRF) vulnerability in Eslam Mahmoud Redirect wordpress to welcome or landing page allows Stored XSS. This issue affects Redirect wordpress to welcome or landing page: from n/a through 2.0.
CORE
WordPress Core
CVE-2025-39417
Risk Score
Threat Entry
Updated 2025-04-17
CVE-2025-32630 - WordPress Core
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory allows Reflected XSS. This issue affects WP-BusinessDirectory: from n/a through 3.1.2.
CORE
WordPress Core
CVE-2025-32630
Risk Score
Threat Entry
Updated 2025-04-17
CVE-2025-32592 - WordPress Core
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn – WordPress Posts Table Filterable allows Stored XSS. This issue affects TableOn – WordPress Posts Table Filterable: from n/a through 1.0.3.
CORE
WordPress Core
CVE-2025-32592
Risk Score
Threat Entry
Updated 2025-04-17
CVE-2025-32520 - WordPress Core
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Ali Saleem WordPress Health and Server Condition – Integrated with Google Page Speed allows Reflected XSS. This issue affects WordPress Health and Server Condition – Integrated with Google Page Speed: from n/a through 4.1.1.
CORE
WordPress Core
CVE-2025-32520
Risk Score
Threat Entry
Updated 2025-04-17
CVE-2025-27291 - WordPress Core
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxgallery WordPress Photo Gallery – Image Gallery allows Reflected XSS. This issue affects WordPress Photo Gallery – Image Gallery: from n/a through 2.0.4.
CORE
WordPress Core
CVE-2025-27291
Risk Score
Threat Entry
Updated 2025-04-17
CVE-2025-24651 - WordPress Core
Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration allows Retrieve Embedded Sensitive Data. This issue affects WordPress Backup & Migration: from n/a through 1.5.3.
CORE
WordPress Core
CVE-2025-24651
Risk Score
Threat Entry
Updated 2025-04-17
CVE-2025-24548 - WordPress Core
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Autoglot Autoglot – Automatic WordPress Translation allows Reflected XSS. This issue affects Autoglot – Automatic WordPress Translation: from n/a through 2.4.7.
CORE
WordPress Core
CVE-2025-24548
Risk Score
Threat Entry
Updated 2025-04-17
CVE-2025-23906 - WordPress Core
Missing Authorization vulnerability in wpseek WordPress Dashboard Tweeter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Dashboard Tweeter: from n/a through 1.3.2.
CORE
WordPress Core
CVE-2025-23906
Risk Score
Threat Entry
Updated 2025-04-16
CVE-2025-39545 - WordPress Core
Missing Authorization vulnerability in miniOrange WordPress REST API Authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress REST API Authentication: from n/a through 3.6.3.
CORE
WordPress Core
CVE-2025-39545
Risk Score
Threat Entry
Updated 2025-04-11
CVE-2025-32629 - WordPress Core
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory allows Path Traversal. This issue affects WP-BusinessDirectory: from n/a through 3.1.2.
CORE
WordPress Core
CVE-2025-32629
Risk Score
Threat Entry
Updated 2025-04-11
CVE-2025-32569 - WordPress Core
Deserialization of Untrusted Data vulnerability in RealMag777 TableOn – WordPress Posts Table Filterable allows Object Injection. This issue affects TableOn – WordPress Posts Table Filterable: from n/a through 1.0.2.
CORE
WordPress Core
CVE-2025-32569
Risk Score
Threat Entry
Updated 2025-04-11
CVE-2025-31015 - WordPress Core
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Adrian Tobey WordPress SMTP Service, Email Delivery Solved! — MailHawk allows PHP Local File Inclusion. This issue affects WordPress SMTP Service, Email Delivery Solved! — MailHawk: from n/a through 1.3.1.
CORE
WordPress Core
CVE-2025-31015
Risk Score
Threat Entry
Updated 2025-04-11
CVE-2025-32202 - WordPress Core
Unrestricted Upload of File with Dangerous Type vulnerability in Brian Batt - elearningfreak.com Insert or Embed Articulate Content into WordPress allows Upload a Web Shell to a Web Server. This issue affects Insert or Embed Articulate Content into WordPress: from n/a through 4.3000000025.
CORE
WordPress Core
CVE-2025-32202
Risk Score
Threat Entry
Updated 2025-04-09
CVE-2025-32597 - WordPress Core
Cross-Site Request Forgery (CSRF) vulnerability in George Sexton WordPress Events Calendar Plugin – connectDaily allows Cross-Site Scripting (XSS). This issue affects WordPress Events Calendar Plugin – connectDaily: from n/a through 1.4.8.
CORE
WordPress Core
CVE-2025-32597
Risk Score
Threat Entry
Updated 2025-04-09
CVE-2025-32581 - WordPress Core
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ankit Singla WordPress Spam Blocker allows Stored XSS. This issue affects WordPress Spam Blocker: from n/a through 2.0.4.
CORE
WordPress Core
CVE-2025-32581
Risk Score
Threat Entry
Updated 2025-04-09
CVE-2025-31035 - WordPress Core
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Chris WP Editor.md – The Perfect WordPress Markdown Editor allows Stored XSS. This issue affects WP Editor.md – The Perfect WordPress Markdown Editor: from n/a through 10.2.1.
CORE
WordPress Core
CVE-2025-31035
Risk Score