Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

308 New today

65,585 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

298

Jun 25

Critical

High

Medium

Low

Latest

CVE-2025-3853 WPshop 2 – E-Commerce 2.0.0 – 2.6.0 – Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation

Vulnerability Details Basic Information Title CVE-2025-3853 WPshop 2 – E-Commerce 2.0.0 – 2.6.0 – Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation...

May 6, 2025

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
Unknown	ADV-3300	CVE-2025-3924 PeproDev Ultimate Profile Solutions 1.9.1 – 7.5.2 – Missing Authorization to Unauthenticated Email Enumeration Vulnerability Details Basic Information Title CVE-2025-3924 PeproDev Ultimate Profile Solutions 1.9.1 – 7.5.2 – Missing Authorization t...	N/A	N/A	May 6, 2025	NEWS
Unknown	ADV-3299	CVE-2025-3851 Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 – 2.7.13 – Authenticated (Subscriber+) Information Exposure Vulnerability Details Basic Information Title CVE-2025-3851 Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 – 2.7.13 &...	N/A	N/A	May 6, 2025	NEWS
Unknown	ADV-3298	CVE-2025-3844 PeproDev Ultimate Profile Solutions 1.9.1 – 7.5.2 – Authentication Bypass to Account Takeover Vulnerability Details Basic Information Title CVE-2025-3844 PeproDev Ultimate Profile Solutions 1.9.1 – 7.5.2 – Authentication Bypass t...	N/A	N/A	May 6, 2025	NEWS
Unknown	ADV-3297	CVE-2025-3921 PeproDev Ultimate Profile Solutions 1.9.1 – 7.5.2 – Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update via handel_ajax_req Function Vulnerability Details Basic Information Title CVE-2025-3921 PeproDev Ultimate Profile Solutions 1.9.1 – 7.5.2 – Missing Authorization t...	N/A	N/A	May 6, 2025	NEWS
Unknown	ADV-3296	CVE-2025-3852 WPshop 2 – E-Commerce 2.0.0 – 2.6.0 – Authenticated (Subscriber+) Privilege Escalation via Account Takeover Vulnerability Details Basic Information Title CVE-2025-3852 WPshop 2 – E-Commerce 2.0.0 – 2.6.0 – Authenticated (Subscriber+) Privilege...	N/A	N/A	May 6, 2025	NEWS
Unknown	ADV-3295	CVE-2025-4335 Woocommerce Multiple Addresses <= 1.0.7.1 - Authenticated (Subscriber+) Privilege Escalation Vulnerability Details Basic Information Title CVE-2025-4335 Woocommerce Multiple Addresses	N/A	N/A	May 6, 2025	NEWS
Unknown	ADV-3294	CVE-2025-4055 Multiple Post Type Order <= 1.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mpto Shortcode Vulnerability Details Basic Information Title CVE-2025-4055 Multiple Post Type Order	N/A	N/A	May 6, 2025	NEWS
Unknown	ADV-3293	CVE-2025-3860 CarDealerPress <= 6.7.2504.00 - Authenticated (Contributor+) Stored Cross-Site Scripting via saleclass Parameter Vulnerability Details Basic Information Title CVE-2025-3860 CarDealerPress	N/A	N/A	May 6, 2025	NEWS
Unknown	ADV-3292	CVE-2025-4220 Xavin’s List Subpages <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerability Details Basic Information Title CVE-2025-4220 Xavin’s List Subpages	N/A	N/A	May 6, 2025	NEWS

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

CVE-2025-3853 WPshop 2 – E-Commerce 2.0.0 – 2.6.0 – Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation

Recent Advisories

CVE-2025-3924 PeproDev Ultimate Profile Solutions 1.9.1 – 7.5.2 – Missing Authorization to Unauthenticated Email Enumeration

CVE-2025-3851 Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 – 2.7.13 – Authenticated (Subscriber+) Information Exposure

CVE-2025-3844 PeproDev Ultimate Profile Solutions 1.9.1 – 7.5.2 – Authentication Bypass to Account Takeover

CVE-2025-3921 PeproDev Ultimate Profile Solutions 1.9.1 – 7.5.2 – Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update via handel_ajax_req Function

CVE-2025-3852 WPshop 2 – E-Commerce 2.0.0 – 2.6.0 – Authenticated (Subscriber+) Privilege Escalation via Account Takeover

CVE-2025-4335 Woocommerce Multiple Addresses <= 1.0.7.1 - Authenticated (Subscriber+) Privilege Escalation

CVE-2025-4055 Multiple Post Type Order <= 1.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mpto Shortcode

CVE-2025-3860 CarDealerPress <= 6.7.2504.00 - Authenticated (Contributor+) Stored Cross-Site Scripting via saleclass Parameter

CVE-2025-4220 Xavin’s List Subpages <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Protect Your Attack Surface with RedGem

Security Intelligence
Feed