Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

ATTACKERKB
ATTACKERKBadded 2025/12/16 7:21 a.m.2 views

CVE-2025-13439

The Fancy Product Designer plugin for WordPress is vulnerable to Information Disclosure and PHAR Deserialization in all versions up to, and including, 6.4.8. This is due to insufficient validation of user-supplied input in the 'url' parameter of the 'fpdcustomuplodfile' AJAX action, which flows...

5.9CVSS5.4AI score0.00045EPSS
Exploits0References3
CVE
CVEadded 2025/10/31 7:26 a.m.10 views

CVE-2025-10897

The CVE-2025-10897 vulnerability affects the WooCommerce Designer Pro plugin for WordPress (versions up to and including 1.9.28). It allows unauthenticated arbitrary file reads, enabling an attacker to read server files such as wp-config.php and potentially exposed database credentials. Wordfence...

8.6CVSS5.8AI score0.16252EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/10/31 7:26 a.m.154 views

CVE-2025-10897 WooCommerce Designer Pro <= 1.9.28 - Unauthenticated Arbitrary File Read

The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible for unauthenticated attackers to read arbitrary files on the server, which can expose DB credentials when the wp-config.php file is read...

8.6CVSS0.16252EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2025/08/23 7:28 a.m.2 views

CVE-2025-8895

The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing validation of user-supplied input in all versions up to, and including, 3.3.5. This makes it possible for unauthenticated attackers to copy arbitrary files on the affected site's server to arbitrary locations...

9.8CVSS7.2AI score0.00488EPSS
Exploits0References1
NVD
NVDadded 2025/08/21 8:15 a.m.4 views

CVE-2025-8895

The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing validation of user-supplied input in all versions up to, and including, 3.3.5. This makes it possible for unauthenticated attackers to copy arbitrary files on the affected site's server to arbitrary locations...

9.8CVSS0.00488EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2025/05/22 11:31 p.m.2 views

CVE-2022-1585

The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php...

7.5CVSS6.8AI score0.00482EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2022/08/08 2:15 p.m.1 views

CVE-2022-2357

The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php...

7.5CVSS5.9AI score0.00495EPSS
Exploits1References2
Rows per page
Query Builder