CyberAlerts

CVE-2025-39566

WordPress Hostel <= 1.1.5.6 - SQL Injection Vulnerability

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bob Hostel allows Blind SQL Injection. This issue affects Hostel: from n/a through 1.1.5.6.

CVSS: HIGH (7.6)

EPSS Score: 0.03%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-39548

WordPress Right Click Disable OR Ban plugin <= 1.1.17 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Right Click Disable OR Ban allows Stored XSS. This issue affects Right Click Disable OR Ban: from n/a through 1.1.17.

CVSS: HIGH (7.1)

EPSS Score: 0.01%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-39547

WordPress Internal Link Optimiser plugin <= 5.1.3 - CSRF to XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Internal Link Optimiser allows Stored XSS. This issue affects Internal Link Optimiser: from n/a through 5.1.3.

CVSS: HIGH (7.1)

EPSS Score: 0.01%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-39544

WordPress WP Tools plugin <= 5.18 - CSRF to Arbitrary File Deletion vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi WP Tools allows Path Traversal. This issue affects WP Tools: from n/a through 5.18.

CVSS: HIGH (7.4)

EPSS Score: 0.02%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-39530

WordPress Site Search 360 plugin <= 2.1.7 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in dsky Site Search 360 allows Stored XSS. This issue affects Site Search 360: from n/a through 2.1.7.

CVSS: HIGH (7.1)

EPSS Score: 0.01%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-39518

WordPress BMA Lite <= 1.4.2 - SQL Injection Vulnerability

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedefiningTheWeb BMA Lite allows SQL Injection. This issue affects BMA Lite: from n/a through 1.4.2.

CVSS: HIGH (7.6)

EPSS Score: 0.03%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-30960

WordPress FS Poster plugin <= 6.5.8 - Subscriber+ Site Wide Broken Access Control vulnerability

Description: Missing Authorization vulnerability in NotFound FS Poster. This issue affects FS Poster: from n/a through 6.5.8.

CVSS: HIGH (8.3)

EPSS Score: 0.03%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-32923

WordPress Tourmaster plugin < 5.4.1 - Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Tourmaster allows Reflected XSS. This issue affects Tourmaster: from n/a through n/a.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE

April 15th, 2025 (4 days ago)

CVE-2025-30984

WordPress SEO Tools plugin <= 4.0.7 - Reflected Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound SEO Tools allows Reflected XSS. This issue affects SEO Tools: from n/a through 4.0.7.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE

April 15th, 2025 (4 days ago)

CVE-2025-30970

WordPress Easy Contact plugin <= 0.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Easy Contact allows Reflected XSS. This issue affects Easy Contact: from n/a through 0.1.2.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE

April 15th, 2025 (4 days ago)

Threat and Vulnerability Intelligence Database

Example Searches: