CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-30905	WordPress Secure Copy Content Protection and Content Locking plugin <= 4.4.3 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking allows Stored XSS. This issue affects Secure Copy Content Protection and Content Locking: from n/a through 4.4.3. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE April 1st, 2025 (2 months ago)
CVE-2025-30892	WordPress WpTravelly Plugin <= 1.8.7 - PHP Object Injection vulnerability Description: Deserialization of Untrusted Data vulnerability in magepeopleteam WpTravelly allows Object Injection. This issue affects WpTravelly: from n/a through 1.8.7. CVSS: HIGH (8.8) EPSS Score: 0.05% Source: CVE April 1st, 2025 (2 months ago)
CVE-2025-30852	WordPress Oracle Cards Lite plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emotionalonlinestorytelling Oracle Cards Lite allows Reflected XSS. This issue affects Oracle Cards Lite: from n/a through 1.2.1. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE April 1st, 2025 (2 months ago)
CVE-2025-30844	WordPress Watu Quiz plugin <= 3.4.2 - Reflected Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Watu Quiz allows Reflected XSS. This issue affects Watu Quiz: from n/a through 3.4.2. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE April 1st, 2025 (2 months ago)
CVE-2025-30825	WordPress WPC Smart Linked Products plugin <= 1.3.5 - Privilege Escalation vulnerability Description: Missing Authorization vulnerability in WPClever WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce allows Privilege Escalation. This issue affects WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce: from n/a through 1.3.5. CVSS: HIGH (8.8) EPSS Score: 0.04% Source: CVE April 1st, 2025 (2 months ago)
CVE-2025-30778	WordPress VForm plugin <= 3.1.9 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VForm allows Reflected XSS. This issue affects VForm: from n/a through 3.1.9. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE April 1st, 2025 (2 months ago)
CVE-2025-30554	WordPress Frizzly plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Frizzly allows Reflected XSS. This issue affects Frizzly: from n/a through 1.1.0. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE April 1st, 2025 (2 months ago)
CVE-2025-31910	WordPress BookingPress Plugin <= 1.1.28 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems BookingPress allows SQL Injection. This issue affects BookingPress: from n/a through 1.1.28. CVSS: HIGH (7.6) EPSS Score: 0.04% Source: CVE April 1st, 2025 (2 months ago)
CVE-2025-31908	WordPress JSON Structuring Markup plugin <= 0.1 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui JSON Structuring Markup allows Stored XSS. This issue affects JSON Structuring Markup: from n/a through 0.1. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 1st, 2025 (2 months ago)
CVE-2025-31906	WordPress WP Profitshare Plugin <= 1.4.9 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in ProfitShare.ro WP Profitshare allows Stored XSS. This issue affects WP Profitshare: from n/a through 1.4.9. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 1st, 2025 (2 months ago)