CyberAlerts

CVE-2025-39441

WordPress Dashboard Notepads plugin <= 1.2.1 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Dashboard Notepads allows Stored XSS. This issue affects Dashboard Notepads: from n/a through 1.2.1.

CVSS: HIGH (7.1)

Source: CVE

April 17th, 2025 (about 6 hours ago)

CVE-2025-39440

WordPress Broken Links Remover plugin <= 1.2.2 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Broken Links Remover allows Stored XSS. This issue affects Broken Links Remover: from n/a through 1.2.2.

CVSS: HIGH (7.1)

Source: CVE

April 17th, 2025 (about 6 hours ago)

CVE-2025-39435

WordPress My Marginalia plugin <= 1.0.6 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in davidfcarr My Marginalia allows Stored XSS. This issue affects My Marginalia: from n/a through 1.0.6.

CVSS: HIGH (7.1)

Source: CVE

April 17th, 2025 (about 6 hours ago)

CVE-2025-39433

WordPress Bknewsticker plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in beke_ro Bknewsticker allows Stored XSS. This issue affects Bknewsticker: from n/a through 1.0.5.

CVSS: HIGH (7.1)

Source: CVE

April 17th, 2025 (about 6 hours ago)

CVE-2025-39432

WordPress bbPress2 shortcode whitelist plugin <= 2.2.1 - CSRF to XSS vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antonchanning bbPress2 shortcode whitelist allows Stored XSS. This issue affects bbPress2 shortcode whitelist: from n/a through 2.2.1.

CVSS: HIGH (7.1)

Source: CVE

April 17th, 2025 (about 6 hours ago)

CVE-2025-39431

WordPress Amazon Showcase WordPress Plugin plugin <= 2.2 - CSRF to XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Aaron Forgue Amazon Showcase WordPress Plugin allows Stored XSS. This issue affects Amazon Showcase WordPress Plugin: from n/a through 2.2.

CVSS: HIGH (7.1)

Source: CVE

April 17th, 2025 (about 6 hours ago)

CVE-2025-39430

WordPress mLanguage plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Alexander Rauscha mLanguage allows Stored XSS. This issue affects mLanguage: from n/a through 1.6.1.

CVSS: HIGH (7.1)

SSVC Exploitation: none

Source: CVE

April 17th, 2025 (about 6 hours ago)

CVE-2025-39429

WordPress Széchenyi 2020 Logo <= 1.1 - Local File Inclusion Vulnerability

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Földesi, Mihály Széchenyi 2020 Logo allows PHP Local File Inclusion. This issue affects Széchenyi 2020 Logo: from n/a through 1.1.

CVSS: HIGH (7.5)

SSVC Exploitation: none

Source: CVE

April 17th, 2025 (about 6 hours ago)

CVE-2025-39424

WordPress Simple Maps plugin <= 0.98 - CSRF to XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in simplemaps Simple Maps allows Stored XSS. This issue affects Simple Maps: from n/a through 0.98.

CVSS: HIGH (7.1)

Source: CVE

April 17th, 2025 (about 6 hours ago)

CVE-2025-39423

WordPress Add to Header plugin <= 1.0 - CSRF to XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Jenst Add to Header allows Stored XSS. This issue affects Add to Header: from n/a through 1.0.

CVSS: HIGH (7.1)

Source: CVE

April 17th, 2025 (about 6 hours ago)

Threat and Vulnerability Intelligence Database

Example Searches: