"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 272
Critical: 26
High: 83
Medium: 161
Showing 141-160 of 272 records
Threat Entry Updated 2025-04-07

CVE-2025-32267 - WordPress Core

Cross-Site Request Forgery (CSRF) vulnerability in wpzinc Post to Social Media – WordPress to Hootsuite allows Cross Site Request Forgery. This issue affects Post to Social Media – WordPress to Hootsuite: from n/a through 1.5.8.

CORE WordPress Core

CVE-2025-32267

MEDIUM CVSS 4.3 2025-04-04
Threat Entry Updated 2025-04-07

CVE-2025-32257 - WordPress Core

Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration allows Retrieve Embedded Sensitive Data. This issue affects 1 Click WordPress Migration: from n/a through 2.2.

CORE WordPress Core

CVE-2025-32257

MEDIUM CVSS 5.3 2025-04-04
Threat Entry Updated 2025-04-07

CVE-2025-32218 - WordPress Core

Missing Authorization vulnerability in RealMag777 TableOn – WordPress Posts Table Filterable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TableOn – WordPress Posts Table Filterable: from n/a through 1.0.4.

CORE WordPress Core

CVE-2025-32218

MEDIUM CVSS 5.4 2025-04-04
Threat Entry Updated 2025-04-07

CVE-2025-32172 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yuri Baranov YaMaps for WordPress allows Stored XSS. This issue affects YaMaps for WordPress: from n/a through 0.6.31.

CORE WordPress Core

CVE-2025-32172

MEDIUM CVSS 6.5 2025-04-04
Threat Entry Updated 2025-04-07

CVE-2025-32166 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in John Housholder Emma for WordPress allows Stored XSS. This issue affects Emma for WordPress: from n/a through 1.3.3.

CORE WordPress Core

CVE-2025-32166

MEDIUM CVSS 6.5 2025-04-04
Threat Entry Updated 2025-04-02

CVE-2025-31441 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in S WordPress Galleria allows Reflected XSS. This issue affects WordPress Galleria: from n/a through 1.4.

CORE WordPress Core

CVE-2025-31441

HIGH CVSS 7.1 2025-04-01
Threat Entry Updated 2025-04-01

CVE-2025-31848 - WordPress Core

Missing Authorization vulnerability in WPFactory WordPress Adverts Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Adverts Plugin: from n/a through 1.4.

CORE WordPress Core

CVE-2025-31848

MEDIUM CVSS 5.3 2025-04-01
Threat Entry Updated 2025-04-01

CVE-2025-31846 - WordPress Core

Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theater for WordPress: from n/a through 0.18.7.

CORE WordPress Core

CVE-2025-31846

MEDIUM CVSS 4.3 2025-04-01
Threat Entry Updated 2025-04-01

CVE-2025-31735 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in C. Johnson Footnotes for WordPress allows Stored XSS. This issue affects Footnotes for WordPress: from n/a through 2016.1230.

CORE WordPress Core

CVE-2025-31735

MEDIUM CVSS 6.5 2025-04-01
Threat Entry Updated 2025-04-01

CVE-2025-30796 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended allows Reflected XSS. This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through 3.0.14.

CORE WordPress Core

CVE-2025-30796

HIGH CVSS 7.1 2025-04-01
Threat Entry Updated 2025-04-01

CVE-2025-30559 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Kento WordPress Stats allows Stored XSS. This issue affects Kento WordPress Stats: from n/a through 1.1.

CORE WordPress Core

CVE-2025-30559

HIGH CVSS 7.1 2025-04-01
Threat Entry Updated 2025-04-01

CVE-2025-31616 - WordPress Core

Cross-Site Request Forgery (CSRF) vulnerability in AdminGeekZ Varnish WordPress allows Cross Site Request Forgery. This issue affects Varnish WordPress: from n/a through 1.7.

CORE WordPress Core

CVE-2025-31616

HIGH CVSS 7.1 2025-03-31
Threat Entry Updated 2025-04-01

CVE-2025-31597 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in crazycric Ultimate Live Cricket WordPress Lite allows Stored XSS. This issue affects Ultimate Live Cricket WordPress Lite: from n/a through 1.4.2.

CORE WordPress Core

CVE-2025-31597

MEDIUM CVSS 6.5 2025-03-31
Threat Entry Updated 2025-04-01

CVE-2025-31585 - WordPress Core

Cross-Site Request Forgery (CSRF) vulnerability in leadfox Leadfox for WordPress allows Cross Site Request Forgery. This issue affects Leadfox for WordPress: from n/a through 2.1.8.

CORE WordPress Core

CVE-2025-31585

HIGH CVSS 7.1 2025-03-31
Threat Entry Updated 2025-04-01

CVE-2025-31569 - WordPress Core

Cross-Site Request Forgery (CSRF) vulnerability in wp-buy wordpress related Posts with thumbnails allows Stored XSS. This issue affects wordpress related Posts with thumbnails: from n/a through 3.0.0.1.

CORE WordPress Core

CVE-2025-31569

HIGH CVSS 7.1 2025-03-31
Threat Entry Updated 2025-03-19

CVE-2024-13410 - WordPress Core

The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0, respectively, via deserialization of untrusted input in the 'ajax_handler' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via…

CORE WordPress Core

CVE-2024-13410

CRITICAL CVSS 9.8 2025-03-19
Threat Entry Updated 2025-03-05

CVE-2024-11153 - WordPress Core

The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.

CORE WordPress Core

CVE-2024-11153

MEDIUM CVSS 5.3 2025-03-05
Threat Entry Updated 2025-02-14

CVE-2025-23492 - WordPress 淘宝客插件 Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CantonBolo WordPress 淘宝客插件 allows Reflected XSS. This issue affects WordPress 淘宝客插件: from n/a through 1.1.2.

PLUGIN WordPress 淘宝客插件

CVE-2025-23492

HIGH CVSS 7.1 2025-02-14
Threat Entry Updated 2026-01-30

CVE-2024-11090 - WordPress Core

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

CORE WordPress Core

CVE-2024-11090

MEDIUM CVSS 5.3 2025-01-26
Threat Entry Updated 2025-01-26

CVE-2024-10633 - WordPress Core

The Quiz Maker Business, Developer, and Agency plugins for WordPress are vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency). This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

CORE WordPress Core

CVE-2024-10633

HIGH CVSS 7.3 2025-01-26