CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-31382 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in theode Language Field allows Stored XSS. This issue affects Language Field: from n/a through 0.9.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)
|
|
CVE-2025-31377 |
Description: Missing Authorization vulnerability in Asaquzzaman mishu Woo Product Feed For Marketing Channels allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Product Feed For Marketing Channels: from n/a through 1.9.0.
CVSS: HIGH (7.5) EPSS Score: 0.05%
April 9th, 2025 (3 months ago)
|
|
CVE-2025-31375 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in bhoogterp Scheduled allows Stored XSS. This issue affects Scheduled: from n/a through 1.0.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)
|
|
CVE-2025-31038 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer Essential Breadcrumbs allows Privilege Escalation. This issue affects Essential Breadcrumbs: from n/a through 1.1.1.
CVSS: HIGH (8.8) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)
|
|
CVE-2025-31036 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in WPSolr free WPSolr allows Privilege Escalation. This issue affects WPSolr: from n/a through 24.0.
CVSS: HIGH (8.8) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)
|
|
CVE-2025-31032 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Pagopar - Grupo M S.A. Pagopar – WooCommerce Gateway allows Stored XSS. This issue affects Pagopar – WooCommerce Gateway: from n/a through 2.7.1.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)
|
|
CVE-2025-31026 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Austin Comment Validation Reloaded allows Stored XSS. This issue affects Comment Validation Reloaded: from n/a through 0.5.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)
|
|
CVE-2025-31023 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Purab Seo Meta Tags allows Cross Site Request Forgery. This issue affects Seo Meta Tags: from n/a through 1.4.
CVSS: HIGH (8.8) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)
|
|
CVE-2025-1968 |
Description: Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks).This issue affects Sitefinity: from 14.0 through 14.3, from 14.4 before 14.4.8145, from 15.0 before 15.0.8231, from 15.1 before 15.1.8332, from 15.2 before 15.2.8429.
CVSS: HIGH (7.7) EPSS Score: 0.05%
April 9th, 2025 (3 months ago)
|
|
Description: A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks.
Impact
This vulnerability facilitates a semi-blind SSRF attack, allowing attackers to make the target server send requests to internal or external URLs without viewing the full responses. Potential impacts include internal network reconnaissance, bypassing firewalls.
References
https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3f7v-qx94-666m
https://github.com/advisories/GHSA-3f7v-qx94-666m
CVSS: HIGH (7.5)
April 9th, 2025 (3 months ago)
|