CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-39442	WordPress Review Wave – Google Places Reviews plugin <= 1.4.7 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in MessageMetric Review Wave – Google Places Reviews allows Stored XSS. This issue affects Review Wave – Google Places Reviews: from n/a through 1.4.7. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-39441	WordPress Dashboard Notepads plugin <= 1.2.1 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Dashboard Notepads allows Stored XSS. This issue affects Dashboard Notepads: from n/a through 1.2.1. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-39440	WordPress Broken Links Remover plugin <= 1.2.2 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Broken Links Remover allows Stored XSS. This issue affects Broken Links Remover: from n/a through 1.2.2. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-39435	WordPress My Marginalia plugin <= 1.0.6 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in davidfcarr My Marginalia allows Stored XSS. This issue affects My Marginalia: from n/a through 1.0.6. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-39433	WordPress Bknewsticker plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in beke_ro Bknewsticker allows Stored XSS. This issue affects Bknewsticker: from n/a through 1.0.5. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-39432	WordPress bbPress2 shortcode whitelist plugin <= 2.2.1 - CSRF to XSS vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antonchanning bbPress2 shortcode whitelist allows Stored XSS. This issue affects bbPress2 shortcode whitelist: from n/a through 2.2.1. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-39431	WordPress Amazon Showcase WordPress Plugin plugin <= 2.2 - CSRF to XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Aaron Forgue Amazon Showcase WordPress Plugin allows Stored XSS. This issue affects Amazon Showcase WordPress Plugin: from n/a through 2.2. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-39430	WordPress mLanguage plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Alexander Rauscha mLanguage allows Stored XSS. This issue affects mLanguage: from n/a through 1.6.1. CVSS: HIGH (7.1) EPSS Score: 0.02% SSVC Exploitation: none Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-39429	WordPress Széchenyi 2020 Logo <= 1.1 - Local File Inclusion Vulnerability Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Földesi, Mihály Széchenyi 2020 Logo allows PHP Local File Inclusion. This issue affects Széchenyi 2020 Logo: from n/a through 1.1. CVSS: HIGH (7.5) EPSS Score: 0.11% SSVC Exploitation: none Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-39424	WordPress Simple Maps plugin <= 0.98 - CSRF to XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in simplemaps Simple Maps allows Stored XSS. This issue affects Simple Maps: from n/a through 0.98. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 17th, 2025 (2 months ago)