Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

54 New today

62,286 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

295

Jun 2

151

Jun 3

354

Jun 4

517

Jun 5

109

Jun 6

Jun 7

255

Jun 8

658

Jun 9

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

Jun 15

Critical

High

Medium

Low

Latest

CVE-2025-2821 Search Exclude <= 2.4.9 - Missing Authorization to Unauthenticated Plugin Settings Modification

Vulnerability Details Basic Information Title CVE-2025-2821 Search Exclude

May 6, 2025

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
Unknown	ADV-3301	CVE-2025-3853 WPshop 2 – E-Commerce 2.0.0 – 2.6.0 – Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation Vulnerability Details Basic Information Title CVE-2025-3853 WPshop 2 – E-Commerce 2.0.0 – 2.6.0 – Insecure Direct Object Reference to A...	N/A	N/A	May 6, 2025	NEWS
Unknown	ADV-3300	CVE-2025-3924 PeproDev Ultimate Profile Solutions 1.9.1 – 7.5.2 – Missing Authorization to Unauthenticated Email Enumeration Vulnerability Details Basic Information Title CVE-2025-3924 PeproDev Ultimate Profile Solutions 1.9.1 – 7.5.2 – Missing Authorization t...	N/A	N/A	May 6, 2025	NEWS
Unknown	ADV-3299	CVE-2025-3851 Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 – 2.7.13 – Authenticated (Subscriber+) Information Exposure Vulnerability Details Basic Information Title CVE-2025-3851 Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 – 2.7.13 &...	N/A	N/A	May 6, 2025	NEWS
Unknown	ADV-3298	CVE-2025-3844 PeproDev Ultimate Profile Solutions 1.9.1 – 7.5.2 – Authentication Bypass to Account Takeover Vulnerability Details Basic Information Title CVE-2025-3844 PeproDev Ultimate Profile Solutions 1.9.1 – 7.5.2 – Authentication Bypass t...	N/A	N/A	May 6, 2025	NEWS
Unknown	ADV-3297	CVE-2025-3921 PeproDev Ultimate Profile Solutions 1.9.1 – 7.5.2 – Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update via handel_ajax_req Function Vulnerability Details Basic Information Title CVE-2025-3921 PeproDev Ultimate Profile Solutions 1.9.1 – 7.5.2 – Missing Authorization t...	N/A	N/A	May 6, 2025	NEWS
Unknown	ADV-3296	CVE-2025-3852 WPshop 2 – E-Commerce 2.0.0 – 2.6.0 – Authenticated (Subscriber+) Privilege Escalation via Account Takeover Vulnerability Details Basic Information Title CVE-2025-3852 WPshop 2 – E-Commerce 2.0.0 – 2.6.0 – Authenticated (Subscriber+) Privilege...	N/A	N/A	May 6, 2025	NEWS
Unknown	ADV-3295	CVE-2025-4335 Woocommerce Multiple Addresses <= 1.0.7.1 - Authenticated (Subscriber+) Privilege Escalation Vulnerability Details Basic Information Title CVE-2025-4335 Woocommerce Multiple Addresses	N/A	N/A	May 6, 2025	NEWS
Unknown	ADV-3294	CVE-2025-4055 Multiple Post Type Order <= 1.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mpto Shortcode Vulnerability Details Basic Information Title CVE-2025-4055 Multiple Post Type Order	N/A	N/A	May 6, 2025	NEWS
Unknown	ADV-3293	CVE-2025-3860 CarDealerPress <= 6.7.2504.00 - Authenticated (Contributor+) Stored Cross-Site Scripting via saleclass Parameter Vulnerability Details Basic Information Title CVE-2025-3860 CarDealerPress	N/A	N/A	May 6, 2025	NEWS

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

CVE-2025-2821 Search Exclude <= 2.4.9 - Missing Authorization to Unauthenticated Plugin Settings Modification

Recent Advisories

CVE-2025-3853 WPshop 2 – E-Commerce 2.0.0 – 2.6.0 – Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation

CVE-2025-3924 PeproDev Ultimate Profile Solutions 1.9.1 – 7.5.2 – Missing Authorization to Unauthenticated Email Enumeration

CVE-2025-3851 Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 – 2.7.13 – Authenticated (Subscriber+) Information Exposure

CVE-2025-3844 PeproDev Ultimate Profile Solutions 1.9.1 – 7.5.2 – Authentication Bypass to Account Takeover

CVE-2025-3921 PeproDev Ultimate Profile Solutions 1.9.1 – 7.5.2 – Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update via handel_ajax_req Function

CVE-2025-3852 WPshop 2 – E-Commerce 2.0.0 – 2.6.0 – Authenticated (Subscriber+) Privilege Escalation via Account Takeover

CVE-2025-4335 Woocommerce Multiple Addresses <= 1.0.7.1 - Authenticated (Subscriber+) Privilege Escalation

CVE-2025-4055 Multiple Post Type Order <= 1.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mpto Shortcode

CVE-2025-3860 CarDealerPress <= 6.7.2504.00 - Authenticated (Contributor+) Stored Cross-Site Scripting via saleclass Parameter

Protect Your Attack Surface with RedGem

Security Intelligence
Feed