CVE-2025-6086 |
Description: The CSV Me plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'csv_me_options_page' function in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: HIGH (7.2) EPSS Score: 0.32%
June 18th, 2025 (15 days ago)
|
CVE-2025-4413 |
Description: The Pixabay Images plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pixabay_upload function in all versions up to, and including, 3.4. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: HIGH (8.8) EPSS Score: 0.26%
June 18th, 2025 (16 days ago)
|
CVE-2024-22289 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cybernetikz Post views Stats allows Reflected XSS. This issue affects Post views Stats: from n/a through 1.3.
CVSS: HIGH (7.1) EPSS Score: 0.08% SSVC Exploitation: none
June 17th, 2025 (16 days ago)
|
CVE-2024-22284 |
Description: Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum. This issue affects Asgaros Forum: from n/a through 2.7.2.
CVSS: HIGH (8.7) EPSS Score: 0.62% SSVC Exploitation: none
June 17th, 2025 (16 days ago)
|
CVE-2024-22282 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Torbert SimpleMap Store Locator allows Reflected XSS. This issue affects SimpleMap Store Locator: from n/a through 2.6.1.
CVSS: HIGH (7.1) EPSS Score: 0.08% SSVC Exploitation: none
June 17th, 2025 (16 days ago)
|
CVE-2024-22163 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shield Security Shield Security – Smart Bot Blocking & Intrusion Prevention Security allows Stored XSS. This issue affects Shield Security – Smart Bot Blocking & Intrusion Prevention Security: from n/a through 18.5.7.
CVSS: HIGH (7.1) EPSS Score: 0.08% SSVC Exploitation: none
June 17th, 2025 (16 days ago)
|
CVE-2024-22162 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Shortcodes allows Reflected XSS. This issue affects WPZOOM Shortcodes: from n/a through 1.0.3.
CVSS: HIGH (7.1) EPSS Score: 0.08% SSVC Exploitation: none
June 17th, 2025 (16 days ago)
|
CVE-2024-22160 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bradley B. Dalina Image Tag Manager allows Reflected XSS. This issue affects Image Tag Manager: from n/a through 1.5.
CVSS: HIGH (7.1) EPSS Score: 0.08% SSVC Exploitation: none
June 17th, 2025 (16 days ago)
|
CVE-2024-22154 |
Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SNP Digital SalesKing. This issue affects SalesKing: from n/a through 1.6.15.
CVSS: HIGH (7.5) EPSS Score: 0.3% SSVC Exploitation: none
June 17th, 2025 (16 days ago)
|
CVE-2024-22135 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce. This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.3.
CVSS: HIGH (8.0) EPSS Score: 0.24% SSVC Exploitation: none
June 17th, 2025 (16 days ago)
|