CVE-2025-7712 |
Description: The Madara - Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wp_manga_delete_zip() function in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
CVSS: CRITICAL (9.1)
July 17th, 2025 (about 13 hours ago)
|
CVE-2025-5396 |
Description: The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. This is due to the bbackup_ajax_handle() function not having a capability check, nor validating user-supplied input passed directly to call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server, which can be leveraged to inject backdoors or create new administrative user accounts, to name a few things. On WordPress sites running the Alone theme versions 7.8.4 and older, this can be chained with CVE-2025-5394 to install the Bears Backup plugin and achieve the same impact.
CVSS: CRITICAL (9.8)
July 17th, 2025 (about 13 hours ago)
|
CVE-2025-52836 |
Description: Incorrect Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP allows Privilege Escalation. This issue affects The E-Commerce ERP: from n/a through 2.1.1.3.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
July 16th, 2025 (1 day ago)
|
CVE-2025-52714 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler allows SQL Injection. This issue affects Traveler: from n/a through n/a.
CVSS: CRITICAL (9.3) EPSS Score: 0.03%
July 16th, 2025 (1 day ago)
|
CVE-2025-48300 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Adrian Tobey Groundhogg allows Upload a Web Shell to a Web Server. This issue affects Groundhogg: from n/a through 4.2.1.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
July 16th, 2025 (1 day ago)
|
CVE-2025-30973 |
Description: Deserialization of Untrusted Data vulnerability in Codexpert, Inc CoSchool LMS allows Object Injection. This issue affects CoSchool LMS: from n/a through 1.4.3.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
July 16th, 2025 (1 day ago)
|
CVE-2025-30949 |
Description: Deserialization of Untrusted Data vulnerability in Guru Team Site Chat on Telegram allows Object Injection. This issue affects Site Chat on Telegram: from n/a through 1.0.4.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
July 16th, 2025 (1 day ago)
|
CVE-2025-30936 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Torod Company for Information Technology Torod allows SQL Injection. This issue affects Torod: from n/a through 1.9.
CVSS: CRITICAL (9.3) EPSS Score: 0.03%
July 16th, 2025 (1 day ago)
|
CVE-2025-29009 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Medical Prescription Attachment Plugin for WooCommerce: from n/a through 1.2.3.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
July 16th, 2025 (1 day ago)
|
CVE-2025-28982 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress WP Pipes allows SQL Injection. This issue affects WP Pipes: from n/a through 1.4.3.
CVSS: CRITICAL (9.3) EPSS Score: 0.03%
July 16th, 2025 (1 day ago)
|