CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-52819	WordPress Pakke Envíos plugin <= 1.0.2 - SQL Injection Vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pakkemx Pakke Envíos allows SQL Injection. This issue affects Pakke Envíos: from n/a through 1.0.2. CVSS: HIGH (8.5) EPSS Score: 0.03% Source: CVE July 16th, 2025 (1 day ago)
CVE-2025-52804	WordPress Nuss theme <= 1.3.3 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in uxper Nuss allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nuss: from n/a through 1.3.3. CVSS: HIGH (7.5) EPSS Score: 0.03% Source: CVE July 16th, 2025 (1 day ago)
CVE-2025-52803	WordPress Sala theme <= 1.1.3 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3. CVSS: HIGH (7.5) EPSS Score: 0.03% Source: CVE July 16th, 2025 (1 day ago)
CVE-2025-52787	WordPress Tennis Court Bookings plugin <= 1.2.7 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EZiHosting Tennis Court Bookings allows Reflected XSS. This issue affects Tennis Court Bookings: from n/a through 1.2.7. CVSS: HIGH (7.1) EPSS Score: 0.03% Source: CVE July 16th, 2025 (1 day ago)
CVE-2025-52786	WordPress Media Folder plugin <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kingdom Creation Media Folder allows Reflected XSS. This issue affects Media Folder: from n/a through 1.0.0. CVSS: HIGH (7.1) EPSS Score: 0.03% Source: CVE July 16th, 2025 (1 day ago)
CVE-2025-52779	WordPress Dot html,php,xml etc pages plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in karimmughal Dot html,php,xml etc pages allows Reflected XSS. This issue affects Dot html,php,xml etc pages: from n/a through 1.0. CVSS: HIGH (7.1) EPSS Score: 0.03% Source: CVE July 16th, 2025 (1 day ago)
CVE-2025-52777	WordPress Pay with Contact Form 7 plugin <= 1.0.4 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmsMinds Pay with Contact Form 7 allows Reflected XSS. This issue affects Pay with Contact Form 7: from n/a through 1.0.4. CVSS: HIGH (7.1) EPSS Score: 0.03% Source: CVE July 16th, 2025 (1 day ago)
CVE-2025-49888	WordPress PW WooCommerce On Sale! plugin <= 1.39 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in pimwick PW WooCommerce On Sale! allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PW WooCommerce On Sale!: from n/a through 1.39. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE July 16th, 2025 (1 day ago)
CVE-2025-49876	WordPress ProfileGrid <= 5.9.5.2 - SQL Injection Vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid : from n/a through 5.9.5.2. CVSS: HIGH (8.5) EPSS Score: 0.03% Source: CVE July 16th, 2025 (1 day ago)
CVE-2025-49034	WordPress Funnel Builder by FunnelKit plugin <= 3.10.2 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder by FunnelKit allows SQL Injection. This issue affects Funnel Builder by FunnelKit: from n/a through 3.10.2. CVSS: HIGH (7.6) EPSS Score: 0.03% Source: CVE July 16th, 2025 (1 day ago)