CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-28892
WordPress FTP Sync plugin <= 1.1.6 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in a2rocklobster FTP Sync allows Stored XSS. This issue affects FTP Sync: from n/a through 1.1.6.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-28891
WordPress price-calc plugin <= 0.6.3 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in jazzigor price-calc allows Stored XSS. This issue affects price-calc: from n/a through 0.6.3.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-28883
WordPress WP Compare Tables plugin <= 1.0.5 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Martin WP Compare Tables allows Stored XSS. This issue affects WP Compare Tables: from n/a through 1.0.5.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-28861
WordPress WP jQuery Persian Datepicker plugin <= 0.1.0 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in bhzad WP jQuery Persian Datepicker allows Stored XSS. This issue affects WP jQuery Persian Datepicker: from n/a through 0.1.0.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-28860
WordPress Google News Editors Picks Feed Generator plugin <= 2.1 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in PPDPurveyor Google News Editors Picks Feed Generator allows Stored XSS. This issue affects Google News Editors Picks Feed Generator: from n/a through 2.1.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-28857
WordPress Rankchecker.io Integration plugin <= 1.0.9 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in rankchecker Rankchecker.io Integration allows Stored XSS. This issue affects Rankchecker.io Integration: from n/a through 1.0.9.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-27792
Opal vulnerable to CSRF protection bypass
Description: Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, the protections against cross-site request forgery (CSRF) were insufficient application-wide. The referrer header is checked, and if it is invalid, the server returns 403. However, the referrer header can be dropped from CSRF requests using ``, effectively bypassing this protection. Version 5.1.1 contains a patch for the issue.

CVSS: HIGH (7.7)

EPSS Score: 0.02%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-27101
Broken Access Control in Opal filesystem's copy functionality exposes all user data
Description: Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, when copying any parent directory to a folder in the /temp/ directory, all files in that parent directory are copied, including files which the user should not have access to. All users of the application are impacted, as this is exploitable by any user to reveal all files in the opal filesystem. This also means that low-privilege users such as DataShield users can retrieve the files of other users. Version 5.1.1 contains a patch for the issue.

CVSS: HIGH (7.3)

EPSS Score: 0.05%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-1707
Review Schema <= 2.2.4 - Authenticated (Contributor+) Local File Inclusion via Post Meta
Description: The Review Schema plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.4 via post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.

CVSS: HIGH (8.8)

EPSS Score: 0.1%

Source: CVE
March 11th, 2025 (4 months ago)
[rembg] Rembg CORS misconfiguration
Description: Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the CORS middleware is setup incorrectly. All origins are reflected, which allows any website to send cross site requests to the rembg server and thus query any API. Even if authentication were to be enabled, allow_credentials is set to True, which would allow any website to send authenticated cross site requests. References https://nvd.nist.gov/vuln/detail/CVE-2025-25302 https://github.com/danielgatis/rembg/blob/d1e00734f8a996abf512a3a5c251c7a9a392c90a/rembg/commands/s_command.py#L93 https://securitylab.github.com/advisories/GHSL-2024-161_GHSL-2024-162_rembg https://github.com/advisories/GHSA-59qh-fmm7-3g9q

CVSS: HIGH (8.7)

EPSS Score: 0.01%

Source: Github Advisory Database (PIP)
March 11th, 2025 (4 months ago)