CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-43832	WordPress Remote Images Grabber plugin <= 0.6 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andreyk Remote Images Grabber allows Reflected XSS.This issue affects Remote Images Grabber: from n/a through 0.6. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE May 19th, 2025 (28 days ago)
CVE-2025-39459	WordPress Real Estate 7 theme <= 3.5.2 - Privilege Escalation vulnerability Description: Incorrect Privilege Assignment vulnerability in Contempo Themes Real Estate 7 allows Privilege Escalation.This issue affects Real Estate 7: from n/a through 3.5.2. CVSS: HIGH (7.3) EPSS Score: 0.05% Source: CVE May 19th, 2025 (28 days ago)
CVE-2025-39458	WordPress Foton theme <= 2.5.2 - Local File Inclusion vulnerability Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Foton allows PHP Local File Inclusion.This issue affects Foton: from n/a through 2.5.2. CVSS: HIGH (8.1) EPSS Score: 0.18% Source: CVE May 19th, 2025 (28 days ago)
CVE-2025-39451	WordPress JetBlocks For Elementor <= 1.3.16 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in Crocoblock JetBlocks For Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlocks For Elementor: from n/a through 1.3.16. CVSS: HIGH (7.5) EPSS Score: 0.04% Source: CVE May 19th, 2025 (28 days ago)
CVE-2025-39449	WordPress JetWooBuilder <= 2.1.18 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in Crocoblock JetWooBuilder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetWooBuilder: from n/a through 2.1.18. CVSS: HIGH (7.5) EPSS Score: 0.04% Source: CVE May 19th, 2025 (28 days ago)
CVE-2025-39447	WordPress JetElements For Elementor <= 2.7.4.1 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in Crocoblock JetElements For Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through 2.7.4.1. CVSS: HIGH (7.5) EPSS Score: 0.04% Source: CVE May 19th, 2025 (28 days ago)
CVE-2025-39446	WordPress Booster Plus for WooCommerce plugin <= 7.2.4 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster Plus for WooCommerce allows Reflected XSS.This issue affects Booster Plus for WooCommerce: from n/a through 7.2.4. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE May 19th, 2025 (28 days ago)
CVE-2025-27010	WordPress Tastyc < 2.5.2 - Local File Inclusion Vulnerability Description: Path Traversal: '.../...//' vulnerability in bslthemes Tastyc allows PHP Local File Inclusion.This issue affects Tastyc: from n/a before 2.5.2. CVSS: HIGH (8.1) EPSS Score: 0.06% Source: CVE May 19th, 2025 (28 days ago)
CVE-2025-26997	WordPress Wireless Butler plugin <= 1.0.11 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in validas Wireless Butler allows Reflected XSS.This issue affects Wireless Butler: from n/a through 1.0.11. CVSS: HIGH (7.1) EPSS Score: 0.04% SSVC Exploitation: none Source: CVE May 19th, 2025 (28 days ago)
CVE-2025-26735	WordPress Grip theme <= 1.0.9 - Local File Inclusion vulnerability Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Candid themes Grip.This issue affects Grip: from n/a through 1.0.9. CVSS: HIGH (7.5) EPSS Score: 0.11% Source: CVE May 19th, 2025 (28 days ago)