CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-28974
WordPress Free WP Mail SMTP plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in mail250 Free WP Mail SMTP allows Stored XSS. This issue affects Free WP Mail SMTP: from n/a through 1.0.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
June 6th, 2025 (14 days ago)

CVE-2025-28966
WordPress Recent Posts Slider Responsive plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in dilemma123 Recent Posts Slider Responsive allows Stored XSS. This issue affects Recent Posts Slider Responsive: from n/a through 1.0.1.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
June 6th, 2025 (14 days ago)

CVE-2025-28964
WordPress Personal Favicon plugin <= 2.0 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in mangup Personal Favicon allows Stored XSS. This issue affects Personal Favicon: from n/a through 2.0.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
June 6th, 2025 (14 days ago)

CVE-2025-28958
WordPress Bg Orthodox Calendar plugin <= 0.13.10 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Vadim Bogaiskov Bg Orthodox Calendar allows Stored XSS. This issue affects Bg Orthodox Calendar: from n/a through 0.13.10.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
June 6th, 2025 (14 days ago)

CVE-2025-28954
WordPress Backwp plugin <= 2.0.2 - CSRF to Arbitrary File Deletion vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in wphobby Backwp allows Path Traversal. This issue affects Backwp: from n/a through 2.0.2.

CVSS: HIGH (7.4)

EPSS Score: 0.02%

Source: CVE
June 6th, 2025 (14 days ago)

CVE-2025-28950
WordPress Post Author <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in David Shabtai Post Author allows Stored XSS. This issue affects Post Author: from n/a through 1.1.1.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
June 6th, 2025 (14 days ago)

CVE-2025-28948
WordPress Mediabay - WordPress Media Library Folders plugin <= 1.4 - CSRF to Reflected XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in codedraft Mediabay - WordPress Media Library Folders allows Reflected XSS. This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
June 6th, 2025 (14 days ago)

CVE-2025-26590
WordPress Complete Google Seo Scan <= 3.5.1 - SQL Injection Vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nir Complete Google Seo Scan allows SQL Injection. This issue affects Complete Google Seo Scan: from n/a through 3.5.1.

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE
June 6th, 2025 (14 days ago)

CVE-2025-48329
WordPress Real Time Validation for Gravity Forms plugin <= 1.7.0 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daman Jeet Real Time Validation for Gravity Forms allows Reflected XSS.This issue affects Real Time Validation for Gravity Forms: from n/a through 1.7.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
June 6th, 2025 (14 days ago)

CVE-2025-47584
WordPress Photography theme <= 7.5.2 - PHP Object Injection vulnerability
Description: Deserialization of Untrusted Data vulnerability in ThemeGoods Photography.This issue affects Photography: from n/a through 7.5.2.

CVSS: HIGH (8.5)

EPSS Score: 0.05%

Source: CVE
June 6th, 2025 (14 days ago)