CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-32480	WordPress Windows Live Writer plugin <= 0.1 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in dalziel Windows Live Writer allows Stored XSS. This issue affects Windows Live Writer: from n/a through 0.1. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 9th, 2025 (3 months ago)
CVE-2025-32479	WordPress Flags Widget plugin <= 1.0.7 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in ab-tools Flags Widget allows Stored XSS. This issue affects Flags Widget: from n/a through 1.0.7. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 9th, 2025 (3 months ago)
CVE-2025-32478	WordPress WP SexyLightBox plugin <= 0.5.3 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Mario Aguiar WP SexyLightBox allows Stored XSS. This issue affects WP SexyLightBox: from n/a through 0.5.3. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 9th, 2025 (3 months ago)
CVE-2025-32477	WordPress WP-Easy Menu plugin <= 0.41 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Jordi Salord WP-Easy Menu allows Stored XSS. This issue affects WP-Easy Menu: from n/a through 0.41. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 9th, 2025 (3 months ago)
CVE-2025-32476	WordPress Advanced Tag Lists plugin <= 1.2 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in blueinstyle Advanced Tag Lists allows Stored XSS. This issue affects Advanced Tag Lists: from n/a through 1.2. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 9th, 2025 (3 months ago)
CVE-2025-32380	Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing Description: The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. This could lead to excessive resource consumption and denial of service. Apollo Router's usage of Apollo Compiler has been updated so that validation logic processes each named fragment only once, preventing redundant traversal. This has been remediated in apollo-router versions 1.61.2 and 2.1.1. CVSS: HIGH (7.5) EPSS Score: 0.05% Source: CVE April 9th, 2025 (3 months ago)
CVE-2025-31404	WordPress AF Tell a Friend plugin <= 1.4 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Wladyslaw Madejczyk AF Tell a Friend allows Stored XSS. This issue affects AF Tell a Friend: from n/a through 1.4. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 9th, 2025 (3 months ago)
CVE-2025-31402	WordPress NewsBoard Post and RSS Scroller plugin <= 1.2.12 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in NewsBoard Plugin NewsBoard Post and RSS Scroller allows Stored XSS. This issue affects NewsBoard Post and RSS Scroller: from n/a through 1.2.12. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 9th, 2025 (3 months ago)
CVE-2025-31401	WordPress MMX – Make Me Christmas plugin <= 1.0.0 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in mmetrodw MMX – Make Me Christmas allows Stored XSS. This issue affects MMX – Make Me Christmas: from n/a through 1.0.0. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 9th, 2025 (3 months ago)
CVE-2025-31400	WordPress WS Audio Player plugin <= 1.1.8 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in icyleaf WS Audio Player allows Stored XSS. This issue affects WS Audio Player: from n/a through 1.1.8. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 9th, 2025 (3 months ago)