
Threat and Vulnerability Intelligence Database


CVE-2025-28894

Description: Cross-Site Request Forgery (CSRF) vulnerability in frucomerci List of Posts from each Category plugin for WordPress allows Stored XSS. This issue affects List of Posts from each Category plugin for WordPress: from n/a through 2.0.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
March 11th, 2025 (3 months ago)

CVE-2025-28892

Description: Cross-Site Request Forgery (CSRF) vulnerability in a2rocklobster FTP Sync allows Stored XSS. This issue affects FTP Sync: from n/a through 1.1.6.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
March 11th, 2025 (3 months ago)

CVE-2025-28891

Description: Cross-Site Request Forgery (CSRF) vulnerability in jazzigor price-calc allows Stored XSS. This issue affects price-calc: from n/a through 0.6.3.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
March 11th, 2025 (3 months ago)

CVE-2025-28883

Description: Cross-Site Request Forgery (CSRF) vulnerability in Martin WP Compare Tables allows Stored XSS. This issue affects WP Compare Tables: from n/a through 1.0.5.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
March 11th, 2025 (3 months ago)

CVE-2025-28861

Description: Cross-Site Request Forgery (CSRF) vulnerability in bhzad WP jQuery Persian Datepicker allows Stored XSS. This issue affects WP jQuery Persian Datepicker: from n/a through 0.1.0.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
March 11th, 2025 (3 months ago)

CVE-2025-28860

Description: Cross-Site Request Forgery (CSRF) vulnerability in PPDPurveyor Google News Editors Picks Feed Generator allows Stored XSS. This issue affects Google News Editors Picks Feed Generator: from n/a through 2.1.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
March 11th, 2025 (3 months ago)

CVE-2025-28857

Description: Cross-Site Request Forgery (CSRF) vulnerability in rankchecker Rankchecker.io Integration allows Stored XSS. This issue affects Rankchecker.io Integration: from n/a through 1.0.9.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
March 11th, 2025 (3 months ago)

CVE-2025-1707

Description: The Review Schema plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.4 via post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included.

CVSS: HIGH (8.8)

EPSS Score: 0.1%

Source: CVE
March 11th, 2025 (3 months ago)

CVE-2025-2169

Description: The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

CVSS: HIGH (7.3)

EPSS Score: 0.14%

Source: CVE
March 11th, 2025 (3 months ago)

CVE-2025-26933

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nitin Prakash WC Place Order Without Payment allows PHP Local File Inclusion. This issue affects WC Place Order Without Payment: from n/a through 2.6.7.

CVSS: HIGH (7.5)

EPSS Score: 0.11%

Source: CVE
March 10th, 2025 (3 months ago)