CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-27355	WordPress Woocommerce – Loi Hamon Plugin <= 1.1.0 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Nicolas GRILLET Woocommerce – Loi Hamon allows Stored XSS. This issue affects Woocommerce – Loi Hamon: from n/a through 1.1.0. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE February 24th, 2025 (4 months ago)
CVE-2025-27352	WordPress 无觅相关文章插件 plugin <= 1.0.5.7 - CSRF to Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wumii team 无觅相关文章插件 allows Stored XSS. This issue affects 无觅相关文章插件: from n/a through 1.0.5.7. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 24th, 2025 (4 months ago)
CVE-2025-27332	WordPress Smart Maintenance & Countdown Plugin <= 1.2 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in gmnazmul Smart Maintenance & Countdown allows Stored XSS. This issue affects Smart Maintenance & Countdown: from n/a through 1.2. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE February 24th, 2025 (4 months ago)
CVE-2025-27321	WordPress Blightly Explorer plugin <= 2.3.0 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Blighty Blightly Explorer allows Stored XSS. This issue affects Blightly Explorer: from n/a through 2.3.0. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE February 24th, 2025 (4 months ago)
CVE-2025-27312	WordPress WP Sitemap plugin <= 1.0 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jenst WP Sitemap allows SQL Injection. This issue affects WP Sitemap: from n/a through 1.0. CVSS: HIGH (8.5) EPSS Score: 0.04% Source: CVE February 24th, 2025 (4 months ago)
CVE-2025-27301	WordPress NHR Options Table Manager Plugin <= 1.1.2 - Deserialization of untrusted data vulnerability Description: Deserialization of Untrusted Data vulnerability in Nazmul Hasan Robin NHR Options Table Manager allows Object Injection. This issue affects NHR Options Table Manager: from n/a through 1.1.2. CVSS: HIGH (7.2) EPSS Score: 0.06% Source: CVE February 24th, 2025 (4 months ago)
CVE-2025-27300	WordPress ADFO plugin <= 1.9.1 - Deserialization of untrusted data vulnerability Description: Deserialization of Untrusted Data vulnerability in giuliopanda ADFO allows Object Injection. This issue affects ADFO: from n/a through 1.9.1. CVSS: HIGH (7.2) EPSS Score: 0.06% Source: CVE February 24th, 2025 (4 months ago)
CVE-2025-27298	WordPress WP Video Posts plugin <= 3.5.1 - CSRF to Remote Code Execution (RCE) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in cmstactics WP Video Posts allows OS Command Injection. This issue affects WP Video Posts: from n/a through 3.5.1. CVSS: HIGH (8.3) EPSS Score: 0.05% Source: CVE February 24th, 2025 (4 months ago)
CVE-2025-27297	WordPress Bravo Search & Replace Plugin <= 1.0 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in guelben Bravo Search & Replace allows Blind SQL Injection. This issue affects Bravo Search & Replace: from n/a through 1.0. CVSS: HIGH (7.6) EPSS Score: 0.04% Source: CVE February 24th, 2025 (4 months ago)
CVE-2025-27296	WordPress Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue Plugin <= 1.5 - Settings Change vulnerability Description: Missing Authorization vulnerability in revenueflex Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue: from n/a through 1.5. CVSS: HIGH (7.2) EPSS Score: 0.06% Source: CVE February 24th, 2025 (4 months ago)