CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-25156	WordPress Quote Comments plugin <= 2.2.1 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Stanko Metodiev Quote Comments allows Stored XSS. This issue affects Quote Comments: from n/a through 2.2.1. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25155	WordPress Music Sheet Viewer plugin <= 4.1 - Arbitrary File Read vulnerability Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in efreja Music Sheet Viewer allows Path Traversal. This issue affects Music Sheet Viewer: from n/a through 4.1. CVSS: HIGH (7.5) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25154	WordPress Custom Comment Notifications plugin <= 1.0.8 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in scweber Custom Comment Notifications allows Stored XSS. This issue affects Custom Comment Notifications: from n/a through 1.0.8. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25153	WordPress Simple Auto Tag plugin <= 1.1 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in djjmz Simple Auto Tag allows Stored XSS. This issue affects Simple Auto Tag: from n/a through 1.1. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25152	WordPress Smart DoFollow plugin <= 1.0.2 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in LukaszWiecek Smart DoFollow allows Stored XSS. This issue affects Smart DoFollow: from n/a through 1.0.2. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25151	WordPress uListing Plugin <= 2.1.6 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes uListing allows SQL Injection. This issue affects uListing: from n/a through 2.1.6. CVSS: HIGH (8.5) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25149	WordPress Login-box plugin <= 2.0.4 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Danillo Nunes Login-box allows Stored XSS. This issue affects Login-box: from n/a through 2.0.4. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25148	WordPress Read More Copy Link plugin <= 1.0.2 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in ElbowRobo Read More Copy Link allows Stored XSS. This issue affects Read More Copy Link: from n/a through 1.0.2. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25147	WordPress Auto SEO plugin <= 2.5.6 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Phillip.Gooch Auto SEO allows Stored XSS. This issue affects Auto SEO: from n/a through 2.5.6. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25144	WordPress Theasys plugin <= 1.0.1 - CSRF to Stored XSS vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in theasys Theasys allows Stored XSS. This issue affects Theasys: from n/a through 1.0.1. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)