CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-23640	WordPress Rename Author Slug plugin <= 1.2.0 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan Rename Author Slug allows Stored XSS.This issue affects Rename Author Slug: from n/a through 1.2.0. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE January 17th, 2025 (5 months ago)
CVE-2025-23639	WordPress MDC YouTube Downloader plugin <= 3.0.0 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC YouTube Downloader allows Stored XSS.This issue affects MDC YouTube Downloader: from n/a through 3.0.0. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE January 17th, 2025 (5 months ago)
CVE-2025-23627	WordPress Comment-Emailer plugin <= 1.0.5 - CSRF to Stored Cross-Site Scripting vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Gordon French Comment-Emailer allows Stored XSS.This issue affects Comment-Emailer: from n/a through 1.0.5. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE January 17th, 2025 (5 months ago)
CVE-2025-23623	WordPress Contact Form 7 – CCAvenue Add-on plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahesh Bisen Contact Form 7 – CCAvenue Add-on allows Reflected XSS.This issue affects Contact Form 7 – CCAvenue Add-on: from n/a through 1.0. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE January 17th, 2025 (5 months ago)
CVE-2025-23620	WordPress Captchelfie – Captcha by Selfie plugin <= 1.0.7 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexey Trofimov Captchelfie – Captcha by Selfie allows Reflected XSS.This issue affects Captchelfie – Captcha by Selfie: from n/a through 1.0.7. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE January 17th, 2025 (5 months ago)
CVE-2025-23618	WordPress Twitter Shortcode plugin <= 0.9 - CSRF to Stored Cross-Site Scripting vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Andrea Brandi Twitter Shortcode allows Stored XSS.This issue affects Twitter Shortcode: from n/a through 0.9. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE January 17th, 2025 (5 months ago)
CVE-2025-23617	WordPress Floatbox Plus plugin <= 1.4.4 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Oliver Schaal Floatbox Plus allows Stored XSS.This issue affects Floatbox Plus: from n/a through 1.4.4. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE January 17th, 2025 (5 months ago)
CVE-2025-23577	WordPress Word Freshener plugin <= 1.3 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Word Freshener allows Stored XSS.This issue affects Word Freshener: from n/a through 1.3. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE January 17th, 2025 (5 months ago)
CVE-2025-23573	WordPress WP Background Tile plugin <= 1.0 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Sam Burdge WP Background Tile allows Stored XSS.This issue affects WP Background Tile: from n/a through 1.0. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE January 17th, 2025 (5 months ago)
CVE-2025-23572	WordPress UpDownUpDown plugin <= 1.1 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Dave Konopka, Martin Scharm UpDownUpDown allows Stored XSS.This issue affects UpDownUpDown: from n/a through 1.1. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE January 17th, 2025 (5 months ago)