CVE-2025-22313 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light allows Reflected XSS. This issue affects Widgetize Pages Light: from n/a through 3.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 10th, 2025 (5 months ago)
|
CVE-2025-22307 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeAstrology Team Product Table for WooCommerce allows Reflected XSS. This issue affects Product Table for WooCommerce: from n/a through 3.5.6.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 10th, 2025 (5 months ago)
|
CVE-2025-22295 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tripetto WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto allows Stored XSS. This issue affects WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto: from n/a through 8.0.5.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 10th, 2025 (5 months ago)
|
CVE-2024-9575 |
Description: Local File Inclusion vulnerability in pretix Widget WordPress plugin pretix-widget on Windows allows PHP Local File Inclusion. This issue affects pretix Widget WordPress plugin: from 1.0.0 through 1.0.5.
CVSS: HIGH (8.5) EPSS Score: 0.04%
January 10th, 2025 (5 months ago)
|
CVE-2024-12848 |
Description: The SKT Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the 'addLibraryByArchive' function in all versions up to, and including, 4.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible.
CVSS: HIGH (8.8) EPSS Score: 0.07%
January 10th, 2025 (5 months ago)
|
CVE-2024-12542 |
Description: The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited.
CVSS: HIGH (8.6) EPSS Score: 0.09%
January 10th, 2025 (5 months ago)
|
CVE-2024-12330 |
Description: The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.3 via publicly accessible back-up files. This makes it possible for unauthenticated attackers to extract sensitive data including all information stored in the database.
CVSS: HIGH (7.5) EPSS Score: 0.06%
January 10th, 2025 (5 months ago)
|
CVE-2024-9939 |
Description: The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory.
CVSS: HIGH (7.5) EPSS Score: 0.09%
January 9th, 2025 (5 months ago)
|
CVE-2024-12854 |
Description: The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: HIGH (8.8) EPSS Score: 0.05%
January 9th, 2025 (5 months ago)
|
CVE-2024-12853 |
Description: The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 2.11.10. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: HIGH (8.8) EPSS Score: 0.05%
January 9th, 2025 (5 months ago)
|