CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-24672	WordPress Form Builder CP Plugin <= 1.2.41 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodePeople Form Builder CP allows SQL Injection. This issue affects Form Builder CP: from n/a through 1.2.41. CVSS: HIGH (8.5) EPSS Score: 0.04% Source: CVE January 25th, 2025 (5 months ago)
CVE-2025-24669	WordPress SERPed.net Plugin <= 4.4 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SERPed SERPed.net allows SQL Injection. This issue affects SERPed.net: from n/a through 4.4. CVSS: HIGH (8.5) EPSS Score: 0.04% Source: CVE January 25th, 2025 (5 months ago)
CVE-2025-24663	WordPress Simple Download Monitor plugin <= 3.9.25 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Ruhul Amin, Josh Lobe Simple Download Monitor allows Blind SQL Injection. This issue affects Simple Download Monitor: from n/a through 3.9.25. CVSS: HIGH (7.6) EPSS Score: 0.04% Source: CVE January 25th, 2025 (5 months ago)
CVE-2025-24659	WordPress Premium Packages – Sell Digital Products Securely plugin <= 5.9.6 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WordPress Download Manager Premium Packages allows Blind SQL Injection. This issue affects Premium Packages: from n/a through 5.9.6. CVSS: HIGH (7.6) EPSS Score: 0.04% Source: CVE January 25th, 2025 (5 months ago)
CVE-2025-24636	WordPress MachForm Shortcode plugin <= 1.4.1 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Laymance Technologies LLC MachForm Shortcode allows Stored XSS. This issue affects MachForm Shortcode: from n/a through 1.4.1. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE January 25th, 2025 (5 months ago)
CVE-2025-24587	WordPress Email Subscription Popup plugin <= 1.2.23 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in I Thirteen Web Solution Email Subscription Popup allows Blind SQL Injection. This issue affects Email Subscription Popup: from n/a through 1.2.23. CVSS: HIGH (7.6) EPSS Score: 0.04% Source: CVE January 25th, 2025 (5 months ago)
CVE-2025-24570	WordPress Atarim plugin <= 4.0.8 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atarim Atarim allows Stored XSS. This issue affects Atarim: from n/a through 4.0.8. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE January 25th, 2025 (5 months ago)
CVE-2025-24562	WordPress KBucket plugin <= 4.1.6 - CSRF to Stored Cross-Site Scripting vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Optimal Access Inc. KBucket allows Stored XSS. This issue affects KBucket: from n/a through 4.1.6. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE January 25th, 2025 (5 months ago)
CVE-2025-24561	WordPress ReviewsTap plugin <= 1.1.2 - CSRF to Stored Cross-Site Scripting vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in ReviewsTap ReviewsTap allows Stored XSS. This issue affects ReviewsTap: from n/a through 1.1.2. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE January 25th, 2025 (5 months ago)
CVE-2025-24555	WordPress Subscription DNA plugin <= 2.1 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in SubscriptionDNA.com Subscription DNA allows Stored XSS. This issue affects Subscription DNA: from n/a through 2.1. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE January 25th, 2025 (5 months ago)