Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

330 New today

65,663 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

Jun 26

Critical

High

Medium

Low

Latest

CVE-2025-3851 Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 – 2.7.13 – Authenticated (Subscriber+) Information Exposure

Vulnerability Details Basic Information Title CVE-2025-3851 Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 – 2.7.13 – Authenticated (Subscriber+) Information Exposure Type...

May 6, 2025

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
Unknown	ADV-3298	CVE-2025-3844 PeproDev Ultimate Profile Solutions 1.9.1 – 7.5.2 – Authentication Bypass to Account Takeover Vulnerability Details Basic Information Title CVE-2025-3844 PeproDev Ultimate Profile Solutions 1.9.1 – 7.5.2 – Authentication Bypass t...	N/A	N/A	May 6, 2025	NEWS
Unknown	ADV-3297	CVE-2025-3921 PeproDev Ultimate Profile Solutions 1.9.1 – 7.5.2 – Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update via handel_ajax_req Function Vulnerability Details Basic Information Title CVE-2025-3921 PeproDev Ultimate Profile Solutions 1.9.1 – 7.5.2 – Missing Authorization t...	N/A	N/A	May 6, 2025	NEWS
Unknown	ADV-3296	CVE-2025-3852 WPshop 2 – E-Commerce 2.0.0 – 2.6.0 – Authenticated (Subscriber+) Privilege Escalation via Account Takeover Vulnerability Details Basic Information Title CVE-2025-3852 WPshop 2 – E-Commerce 2.0.0 – 2.6.0 – Authenticated (Subscriber+) Privilege...	N/A	N/A	May 6, 2025	NEWS
Unknown	ADV-3295	CVE-2025-4335 Woocommerce Multiple Addresses <= 1.0.7.1 - Authenticated (Subscriber+) Privilege Escalation Vulnerability Details Basic Information Title CVE-2025-4335 Woocommerce Multiple Addresses	N/A	N/A	May 6, 2025	NEWS
Unknown	ADV-3294	CVE-2025-4055 Multiple Post Type Order <= 1.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mpto Shortcode Vulnerability Details Basic Information Title CVE-2025-4055 Multiple Post Type Order	N/A	N/A	May 6, 2025	NEWS
Unknown	ADV-3293	CVE-2025-3860 CarDealerPress <= 6.7.2504.00 - Authenticated (Contributor+) Stored Cross-Site Scripting via saleclass Parameter Vulnerability Details Basic Information Title CVE-2025-3860 CarDealerPress	N/A	N/A	May 6, 2025	NEWS
Unknown	ADV-3292	CVE-2025-4220 Xavin’s List Subpages <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerability Details Basic Information Title CVE-2025-4220 Xavin’s List Subpages	N/A	N/A	May 6, 2025	NEWS
Unknown	ADV-3291	CVE-2025-4054 Relevanssi <= 4.24.3 - Unauthenticated Stored Cross-Site Scripting via Search Highlights Vulnerability Details Basic Information Title CVE-2025-4054 Relevanssi	N/A	N/A	May 6, 2025	NEWS
Unknown	ADV-3290	CVE-2025-3218 Vulnerability Details Basic Information Title CVE-2025-3218 Type cve Published 2025-05-07T02:15:31 Last Seen 2025-05-07T02:23:10 CVSS Score 5.4 (ME...	N/A	N/A	May 6, 2025	NEWS

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

CVE-2025-3851 Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 – 2.7.13 – Authenticated (Subscriber+) Information Exposure

Recent Advisories

CVE-2025-3844 PeproDev Ultimate Profile Solutions 1.9.1 – 7.5.2 – Authentication Bypass to Account Takeover

CVE-2025-3921 PeproDev Ultimate Profile Solutions 1.9.1 – 7.5.2 – Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update via handel_ajax_req Function

CVE-2025-3852 WPshop 2 – E-Commerce 2.0.0 – 2.6.0 – Authenticated (Subscriber+) Privilege Escalation via Account Takeover

CVE-2025-4335 Woocommerce Multiple Addresses <= 1.0.7.1 - Authenticated (Subscriber+) Privilege Escalation

CVE-2025-4055 Multiple Post Type Order <= 1.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mpto Shortcode

CVE-2025-3860 CarDealerPress <= 6.7.2504.00 - Authenticated (Contributor+) Stored Cross-Site Scripting via saleclass Parameter

CVE-2025-4220 Xavin’s List Subpages <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2025-4054 Relevanssi <= 4.24.3 - Unauthenticated Stored Cross-Site Scripting via Search Highlights

CVE-2025-3218

Protect Your Attack Surface with RedGem

Security Intelligence
Feed