Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 15,036
Critical: 923
High: 3,047
Medium: 10,866
Showing 3101-3120 of 15036 records
Threat Entry Updated 2026-01-09

CVE-2025-12057 - WavePlayer Plugin

The WavePlayer WordPress plugin before 3.8.0 does not perform an authorization check in an AJAX action and does not validate the file to be copied locally, allowing unauthenticated users to upload arbitrary files to the server, which can lead to RCE.

PLUGIN WavePlayer

CVE-2025-12057

CRITICAL CVSS 9.8 2025-11-19
Threat Entry Updated 2025-11-19

CVE-2025-12174 - Ai Powered Business Directory Plugin With Classified Ads Listings

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'directorist_prepare_listings_export_file' and 'directorist_type_slug_change' AJAX actions in all versions up to, and including, 8.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export listing details and change the directorist slug.

PLUGIN Ai Powered Business Directory Plugin With Classified Ads Listings

CVE-2025-12174

MEDIUM CVSS 6.5 2025-11-19
Threat Entry Updated 2025-11-19

CVE-2025-12359 - Responsive Lightbox Plugin

The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'get_image_size_by_url' function. This is due to insufficient validation of user-supplied URLs when determining image dimensions for gallery items. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.

PLUGIN Responsive Lightbox

CVE-2025-12359

MEDIUM CVSS 5.4 2025-11-19
Threat Entry Updated 2025-12-12

CVE-2025-12426 - Quiz Maker Plugin

The Quiz Maker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.7.0.80. This is due to the plugin exposing quiz answers through the ays_quiz_check_answer AJAX action without proper authorization checks. The endpoint only validates a nonce, but that same nonce is publicly available to all site visitors via the quiz_maker_ajax_public localized script data. This makes it possible for unauthenticated attackers to extract sensitive data including quiz answers for any quiz question.

PLUGIN Quiz Maker

CVE-2025-12426

MEDIUM CVSS 5.3 2025-11-19
Threat Entry Updated 2025-11-19

CVE-2025-12349 - Email Subscribers Plugin

The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the `trigger_mailing_queue_sending` function. This makes it possible for unauthenticated attackers to force immediate email sending, bypass the schedule, increase server load, and change plugin state (e.g., last-cron-hit), enabling abuse or DoS-like effects.

PLUGIN Email Subscribers

CVE-2025-12349

MEDIUM CVSS 5.3 2025-11-19
Threat Entry Updated 2025-11-19

CVE-2025-6251 - Royal Elementor Addons Plugin

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via $item['field_id'] in all versions up to, and including, 1.7.1036 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Royal Elementor Addons

CVE-2025-6251

MEDIUM CVSS 6.4 2025-11-19
Threat Entry Updated 2025-11-19

CVE-2025-12777 - Yith Woocommerce Wishlist Plugin

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.10.0. This is due to the plugin not properly verifying that a user is authorized to perform actions on the REST API /wp-json/yith/wishlist/v1/lists endpoint (which uses permission_callback => '__return_true') and the AJAX delete_item handler (which only checks nonce validity without verifying object-level authorization). This makes it possible for unauthenticated attackers to disclose wishlist tokens for any user and subsequently delete wishlist items by chaining the REST API authorization bypass with the…

PLUGIN Yith Woocommerce Wishlist

CVE-2025-12777

MEDIUM CVSS 5.3 2025-11-19
Threat Entry Updated 2025-11-19

CVE-2025-12770 - New User Approve Plugin

The New User Approve plugin for WordPress is vulnerable to unauthorized data disclosure in all versions up to, and including, 3.0.9 due to insufficient API key validation using loose equality comparison. This makes it possible for unauthenticated attackers to retrieve personally identifiable information (PII), including usernames and email addresses of users with various approval statuses via the Zapier REST API endpoints, by exploiting PHP type juggling with the api_key parameter set to "0" on sites where the Zapier API key has not been configured.

PLUGIN New User Approve

CVE-2025-12770

MEDIUM CVSS 5.3 2025-11-19
Threat Entry Updated 2025-11-19

CVE-2025-12427 - Yith Woocommerce Wishlist Plugin

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.10.0 via the REST API endpoint and AJAX handler due to missing validation on user-controlled keys. This makes it possible for unauthenticated attackers to discover any user's wishlist token ID, and subsequently rename the victim's wishlist without authorization (integrity impact). This can be exploited to target multi-user stores for defacement, social engineering attacks, mass tampering, and profiling at scale.

PLUGIN Yith Woocommerce Wishlist

CVE-2025-12427

MEDIUM CVSS 5.3 2025-11-19
Threat Entry Updated 2025-11-19

CVE-2025-8084 - Ai Engine Plugin

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the rest_helpers_create_images function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information from internal services. On cloud instances, this issue allows for metadata retrieval.

PLUGIN Ai Engine

CVE-2025-8084

MEDIUM CVSS 6.8 2025-11-18
Threat Entry Updated 2025-11-19

CVE-2025-12376 - Icon List Block Plugin

The Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1 via the fs_api_request function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information from internal services. Only valid JSON objects are rendered in the response.

PLUGIN Icon List Block

CVE-2025-12376

MEDIUM CVSS 6.4 2025-11-18
Threat Entry Updated 2025-11-19

CVE-2025-12545 - Woocommerce Google Adwords Conversion Tracking Tag Plugin

The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.49.2 via the ajax_pmw_get_product_ids() function due to insufficient restrictions on which products can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft products that they should not have access to.

PLUGIN Woocommerce Google Adwords Conversion Tracking Tag

CVE-2025-12545

MEDIUM CVSS 5.3 2025-11-18
Threat Entry Updated 2025-11-18

CVE-2025-11427 - Wp Migrate Db Plugin

The WP Migrate Lite – WordPress Migration Made Easy plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.7.6 via the wpmdb_flush AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application, which can be used to obtain information about internal services.

PLUGIN Wp Migrate Db

CVE-2025-11427

MEDIUM CVSS 5.8 2025-11-18
Threat Entry Updated 2025-11-18

CVE-2025-4212 - Checkout Files Upload For Woocommerce Plugin

The Checkout Files Upload for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in image files that will execute whenever a user accesses the injected page.

PLUGIN Checkout Files Upload For Woocommerce

CVE-2025-4212

HIGH CVSS 7.2 2025-11-18
Threat Entry Updated 2025-11-18

CVE-2025-13069 - Enable Svg Webp Ico Upload Plugin

The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.1.2. This is due to insufficient file type validation when detecting ICO files, allowing double-extension files with the appropriate magic bytes to bypass sanitization while being accepted as a valid ICO file. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files to the affected site's server, which may make remote code execution possible.

PLUGIN Enable Svg Webp Ico Upload

CVE-2025-13069

HIGH CVSS 8.8 2025-11-18
Threat Entry Updated 2025-11-18

CVE-2025-13133 - A3 User Importer Plugin

The Simple User Import Export plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.1.7 via the 'Import/export users' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.

PLUGIN A3 User Importer

CVE-2025-13133

MEDIUM CVSS 6.6 2025-11-18
Threat Entry Updated 2025-11-18

CVE-2025-13196 - Element Pack Addons For Elementor Plugin

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Open Street Map widget's marker content parameter in all versions up to, and including, 8.3.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Element Pack Addons For Elementor

CVE-2025-13196

MEDIUM CVSS 5.4 2025-11-18
Threat Entry Updated 2025-11-18

CVE-2025-12955 - Live Sales Notification For Woocommerce Plugin

The Live sales notification for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.3.39. This is due to the "getOrders" function lacking proper authorization and capability checks when the plugin is configured to display recent order information. This makes it possible for unauthenticated attackers to extract sensitive customer information including buyer first names, city, state, country, purchase time and date, and product details.

PLUGIN Live Sales Notification For Woocommerce

CVE-2025-12955

HIGH CVSS 7.5 2025-11-18
Threat Entry Updated 2025-11-18

CVE-2025-12691 - Photonic Gallery & Lightbox Plugin

The Photonic Gallery & Lightbox for Flickr, SmugMug & Others plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox functionality in all versions up to, and including, 3.21 due to insufficient input sanitization and output escaping on the user-supplied caption attribute. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected page.

PLUGIN Photonic Gallery & Lightbox

CVE-2025-12691

MEDIUM CVSS 6.4 2025-11-18
Threat Entry Updated 2025-11-18

CVE-2025-12639 - Catalog Mode Pricing Enquiry Forms Promotions Plugin

The wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to access sensitive information via the AJAX endpoint. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive information including user emails, usernames, roles, capabilities, and WooCommerce data such as products and payment methods.

PLUGIN Catalog Mode Pricing Enquiry Forms Promotions

CVE-2025-12639

MEDIUM CVSS 4.3 2025-11-18