CVE-2024-12614 |
Description: The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pms_save_setting' and 'post_new_pass' AJAX actions in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings and add passwords.
CVSS: HIGH (7.5) EPSS Score: 0.05%
January 17th, 2025 (5 months ago)
|
CVE-2024-12613 |
Description: The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX functions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS: HIGH (7.5) EPSS Score: 0.09%
January 17th, 2025 (5 months ago)
|
CVE-2025-22799 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vertim Coders Neon Product Designer allows SQL Injection. This issue affects Neon Product Designer: from n/a through 2.1.1.
CVSS: HIGH (8.5) EPSS Score: 0.04%
January 16th, 2025 (5 months ago)
|
CVE-2025-22795 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thorsten Krug Multilang Contact Form allows Reflected XSS. This issue affects Multilang Contact Form: from n/a through 1.5.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 16th, 2025 (5 months ago)
|
CVE-2025-22793 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bold Bold pagos en linea allows DOM-Based XSS. This issue affects Bold pagos en linea: from n/a through 3.1.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 16th, 2025 (5 months ago)
|
CVE-2025-22786 |
Description: Path Traversal vulnerability in ElementInvader ElementInvader Addons for Elementor allows PHP Local File Inclusion. This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.6.
CVSS: HIGH (7.5) EPSS Score: 0.04%
January 16th, 2025 (5 months ago)
|
CVE-2025-22784 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Johan Ström Background Control allows Path Traversal. This issue affects Background Control: from n/a through 1.0.5.
CVSS: HIGH (8.6) EPSS Score: 0.04%
January 16th, 2025 (5 months ago)
|
CVE-2025-22778 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lijit Networks Inc. and Crowd Favorite Lijit Search allows Reflected XSS. This issue affects Lijit Search: from n/a through 1.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 16th, 2025 (5 months ago)
|
CVE-2025-22776 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jay Carter WP Bulletin Board allows Reflected XSS. This issue affects WP Bulletin Board: from n/a through 1.1.4.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 16th, 2025 (5 months ago)
|
CVE-2025-22766 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Masoud Amini Zarinpal Paid Download allows Reflected XSS. This issue affects Zarinpal Paid Download: from n/a through 2.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 16th, 2025 (5 months ago)
|