CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-47655	WordPress theMarketer plugin <= 1.4.7 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in themarketer2023 theMarketer allows Stored XSS. This issue affects theMarketer: from n/a through 1.4.7. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47653	WordPress WP-Recall <= 16.26.14 - Local File Inclusion Vulnerability Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in tggfref WP-Recall allows PHP Local File Inclusion. This issue affects WP-Recall: from n/a through 16.26.14. CVSS: HIGH (7.5) EPSS Score: 0.13% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47649	WordPress Open Close WooCommerce Store <= 4.9.5 - Local File Inclusion Vulnerability Description: Path Traversal vulnerability in ilmosys Open Close WooCommerce Store allows PHP Local File Inclusion. This issue affects Open Close WooCommerce Store: from n/a through 4.9.5. CVSS: HIGH (8.8) EPSS Score: 0.05% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47648	WordPress Pays – WooCommerce Payment Gateway <= 2.6 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in axima Pays – WooCommerce Payment Gateway allows Stored XSS. This issue affects Pays – WooCommerce Payment Gateway: from n/a through 2.6. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47643	WordPress ELEX Product Feed for WooCommerce <= 3.1.2 - SQL Injection Vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX Product Feed for WooCommerce allows SQL Injection. This issue affects ELEX Product Feed for WooCommerce: from n/a through 3.1.2. CVSS: HIGH (7.6) EPSS Score: 0.04% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47639	WordPress Supertext Translation and Proofreading plugin <= 4.25 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Supertext Supertext Translation and Proofreading allows Stored XSS. This issue affects Supertext Translation and Proofreading: from n/a through 4.25. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47636	WordPress List category posts <= 0.90.3 - Local File Inclusion Vulnerability Description: Path Traversal vulnerability in Fernando Briano List category posts allows PHP Local File Inclusion. This issue affects List category posts: from n/a through 0.90.3. CVSS: HIGH (7.5) EPSS Score: 0.05% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47629	WordPress WP-CRM System <= 3.4.1 - PHP Object Injection Vulnerability Description: Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System allows Object Injection. This issue affects WP-CRM System: from n/a through 3.4.1. CVSS: HIGH (7.2) EPSS Score: 0.06% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47620	WordPress Martins Free Monetized Ad Exchange Network plugin <= 1.0.5 - CSRF to XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in bundgaard Martins Free Monetized Ad Exchange Network allows Reflected XSS. This issue affects Martins Free Monetized Ad Exchange Network: from n/a through 1.0.5. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47587	WordPress YaySMTP <= 2.6.4 - SQL Injection Vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP allows Blind SQL Injection. This issue affects YaySMTP: from n/a through 2.6.4. CVSS: HIGH (7.6) EPSS Score: 0.04% Source: CVE May 7th, 2025 (about 1 month ago)