Threat and Vulnerability Intelligence Database

CVE-2025-4654

Description: The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to improper authorization checks on the make_signature function in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to create/edit/delete Soumettre posts. This vulnerability affects only installations where the Soumettre account is not connected (i.e. the API key is not installed).

CVSS: LOW (3.7)

EPSS Score: 0.06%

Source: CVE
July 2nd, 2025 (16 days ago)

CVE-2024-22308

Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership. This issue affects Simple Membership: from n/a through 4.4.1.

CVSS: LOW (3.4)

EPSS Score: 0.1%

SSVC Exploitation: none

Source: CVE
June 17th, 2025 (30 days ago)

CVE-2024-23825

Description: TablePress is a table plugin for WordPress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance's metadata REST API. If the instance's configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5.

CVSS: LOW (3.0)

EPSS Score: 0.4%

SSVC Exploitation: poc

Source: CVE
May 29th, 2025 (about 2 months ago)

CVE-2024-10098

Description: The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain.

CVSS: LOW (2.7)

EPSS Score: 0.04%

Source: CVE
May 15th, 2025 (2 months ago)

CVE-2025-3583

Description: The Newsletter WordPress plugin before 8.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: LOW (3.5)

EPSS Score: 0.03%

Source: CVE
May 5th, 2025 (2 months ago)

CVE-2025-3514

Description: The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: LOW (3.5)

EPSS Score: 0.03%

Source: CVE
May 2nd, 2025 (3 months ago)

CVE-2025-3513

Description: The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: LOW (3.5)

EPSS Score: 0.03%

Source: CVE
May 2nd, 2025 (3 months ago)

CVE-2025-3504

Description: The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: LOW (3.5)

EPSS Score: 0.03%

SSVC Exploitation: poc

Source: CVE
May 1st, 2025 (3 months ago)

CVE-2025-3502

Description: The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: LOW (3.5)

EPSS Score: 0.03%

SSVC Exploitation: poc

Source: CVE
May 1st, 2025 (3 months ago)

CVE-2024-12273

Description: The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: LOW (3.5)

EPSS Score: 0.03%

Source: CVE
April 29th, 2025 (3 months ago)