CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-25599 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Castos Seriously Simple Podcasting allows Reflected XSS.This issue affects Seriously Simple Podcasting: from n/a through 3.0.2.
CVSS: HIGH (7.1) EPSS Score: 0.14% SSVC Exploitation: none
March 25th, 2025 (3 months ago)
|
|
CVE-2024-3474 |
Description: The Wow Skype Buttons WordPress plugin before 4.0.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks
CVSS: HIGH (8.8) EPSS Score: 0.03% SSVC Exploitation: none
March 25th, 2025 (3 months ago)
|
|
CVE-2025-2319 |
Description: The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. This is due to missing or incorrect nonce validation on the 'ELISQLREPORTS_menu' function. This makes it possible for unauthenticated attackers to execute code on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Version 5.25.10 adds a nonce check, which makes this vulnerability exploitable by admins only.
CVSS: HIGH (8.8) EPSS Score: 0.04%
March 25th, 2025 (3 months ago)
|
|
CVE-2024-13690 |
Description: The WP Church Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several donation form submission parameters in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: HIGH (7.2) EPSS Score: 0.13%
March 25th, 2025 (3 months ago)
|
|
CVE-2025-30621 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in kornelly Translator allows Stored XSS. This issue affects Translator: from n/a through 0.3.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 24th, 2025 (3 months ago)
|
|
CVE-2025-30620 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in coderscom WP Odoo Form Integrator allows Stored XSS. This issue affects WP Odoo Form Integrator: from n/a through 1.1.0.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 24th, 2025 (3 months ago)
|
|
CVE-2025-30612 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in mandegarweb Replace Default Words allows Stored XSS. This issue affects Replace Default Words: from n/a through 1.3.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 24th, 2025 (3 months ago)
|
|
CVE-2025-30608 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Anthony WordPress SQL Backup allows Stored XSS. This issue affects WordPress SQL Backup: from n/a through 3.5.2.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 24th, 2025 (3 months ago)
|
|
CVE-2025-30604 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jiangqie JiangQie Official Website Mini Program allows Blind SQL Injection. This issue affects JiangQie Official Website Mini Program: from n/a through 1.8.2.
CVSS: HIGH (7.6) EPSS Score: 0.04%
March 24th, 2025 (3 months ago)
|
|
CVE-2025-30603 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in DEJAN CopyLink allows Stored XSS. This issue affects CopyLink: from n/a through 1.1.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 24th, 2025 (3 months ago)
|