CVE-2025-47452 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in RexTheme WP VR allows Upload a Web Shell to a Web Server. This issue affects WP VR: from n/a through 8.5.26.
CVSS: CRITICAL (9.9) EPSS Score: 0.04%
June 17th, 2025 (2 days ago)
|
CVE-2025-39479 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartiolabs Smart Notification allows Blind SQL Injection. This issue affects Smart Notification: from n/a through 10.3.
CVSS: CRITICAL (9.3) EPSS Score: 0.03%
June 17th, 2025 (2 days ago)
|
CVE-2025-32510 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in ovatheme Ovatheme Events Manager allows Using Malicious Files. This issue affects Ovatheme Events Manager: from n/a through 1.7.5.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
June 17th, 2025 (2 days ago)
|
CVE-2025-31919 |
Description: Deserialization of Untrusted Data vulnerability in themeton Spare allows Object Injection. This issue affects Spare: from n/a through 1.7.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
June 17th, 2025 (2 days ago)
|
CVE-2025-30618 |
Description: Deserialization of Untrusted Data vulnerability in yuliaz Rapyd Payment Extension for WooCommerce allows Object Injection. This issue affects Rapyd Payment Extension for WooCommerce: from n/a through 1.2.0.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
June 17th, 2025 (2 days ago)
|
CVE-2025-24773 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce allows SQL Injection. This issue affects WPCRM - CRM for Contact form CF7 & WooCommerce: from n/a through 3.2.0.
CVSS: CRITICAL (9.3) EPSS Score: 0.03%
June 17th, 2025 (2 days ago)
|
CVE-2025-6065 |
Description: The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' task in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
CVSS: CRITICAL (9.1) EPSS Score: 0.83%
June 14th, 2025 (5 days ago)
|
CVE-2025-5288 |
Description: The REST API | Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the process_handler() function in versions 1.0.0 to 2.0.3. This makes it possible for unauthenticated attackers to POST an arbitrary import_api URL, import specially crafted JSON, and thereby create a new user with full Administrator privileges.
CVSS: CRITICAL (9.8) EPSS Score: 0.07%
June 13th, 2025 (7 days ago)
|
CVE-2025-4973 |
Description: The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. This is due to the plugin not properly verifying a user's identity prior to logging them in when verifying an account with an email address. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they know the user's email address. This is only exploitable if the user's confirmation_key has not already been set by the plugin.
CVSS: CRITICAL (9.8) EPSS Score: 0.22%
June 12th, 2025 (7 days ago)
|
CVE-2025-49507 |
Description: Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay allows Object Injection. This issue affects CozyStay: from n/a before 1.7.1.
CVSS: CRITICAL (9.8) EPSS Score: 0.05% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|