CyberAlerts

CVE-2025-32497

WordPress Spoiler Block plugin <= 1.7 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in squiter Spoiler Block allows Stored XSS. This issue affects Spoiler Block: from n/a through 1.7.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE

April 9th, 2025 (12 days ago)

CVE-2025-32484

WordPress WP-Planification – WP-Planning plugin <= 2.3.1 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WP-Planification allows Stored XSS. This issue affects WP-Planification: from n/a through 2.3.1.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE

April 9th, 2025 (12 days ago)

CVE-2025-32482

WordPress Custom Smilies plugin <= 1.2 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in quanganhdo Custom Smilies allows Stored XSS. This issue affects Custom Smilies: from n/a through 1.2.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE

April 9th, 2025 (12 days ago)

CVE-2025-32481

WordPress Nino Social Connect plugin <= 2.0 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in ninotheme Nino Social Connect allows Stored XSS. This issue affects Nino Social Connect: from n/a through 2.0.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE

April 9th, 2025 (12 days ago)

CVE-2025-32480

WordPress Windows Live Writer plugin <= 0.1 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in dalziel Windows Live Writer allows Stored XSS. This issue affects Windows Live Writer: from n/a through 0.1.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE

April 9th, 2025 (12 days ago)

CVE-2025-32479

WordPress Flags Widget plugin <= 1.0.7 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in ab-tools Flags Widget allows Stored XSS. This issue affects Flags Widget: from n/a through 1.0.7.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE

April 9th, 2025 (12 days ago)

CVE-2025-32478

WordPress WP SexyLightBox plugin <= 0.5.3 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Mario Aguiar WP SexyLightBox allows Stored XSS. This issue affects WP SexyLightBox: from n/a through 0.5.3.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE

April 9th, 2025 (12 days ago)

CVE-2025-32477

WordPress WP-Easy Menu plugin <= 0.41 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Jordi Salord WP-Easy Menu allows Stored XSS. This issue affects WP-Easy Menu: from n/a through 0.41.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE

April 9th, 2025 (12 days ago)

CVE-2025-32476

WordPress Advanced Tag Lists plugin <= 1.2 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in blueinstyle Advanced Tag Lists allows Stored XSS. This issue affects Advanced Tag Lists: from n/a through 1.2.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE

April 9th, 2025 (12 days ago)

CVE-2025-32380

Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing

Description: The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. This could lead to excessive resource consumption and denial of service. Apollo Router's usage of Apollo Compiler has been updated so that validation logic processes each named fragment only once, preventing redundant traversal. This has been remediated in apollo-router versions 1.61.2 and 2.1.1.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE

April 9th, 2025 (12 days ago)

Threat and Vulnerability Intelligence Database

Example Searches: