CVE-2024-27967 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP. This issue affects DSGVO All in one for WP: from n/a through 4.3.
CVSS: MEDIUM (4.3) EPSS Score: 0.13% SSVC Exploitation: none
April 10th, 2025 (2 months ago)
|
CVE-2024-2500 |
Description: The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.2% SSVC Exploitation: none
April 10th, 2025 (2 months ago)
|
CVE-2024-2326 |
Description: The Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's configuration, including Stripe integration, via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS: MEDIUM (4.3) EPSS Score: 0.06% SSVC Exploitation: none
April 10th, 2025 (2 months ago)
|
CVE-2025-31411 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Aribhour Linet ERP-Woocommerce Integration allows Path Traversal. This issue affects Linet ERP-Woocommerce Integration: from n/a through 3.5.12.
CVSS: MEDIUM (5.9) EPSS Score: 0.05%
April 10th, 2025 (2 months ago)
|
CVE-2025-32282 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in ShareThis ShareThis Dashboard for Google Analytics. This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.2.2.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
April 10th, 2025 (2 months ago)
|
CVE-2025-32275 |
Description: Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker allows Identity Spoofing. This issue affects Survey Maker: from n/a through 5.1.5.4.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
April 10th, 2025 (2 months ago)
|
CVE-2025-32260 |
Description: Missing Authorization vulnerability in Detheme DethemeKit For Elementor. This issue affects DethemeKit For Elementor: from n/a through 2.1.10.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
April 10th, 2025 (2 months ago)
|
CVE-2025-32259 |
Description: Missing Authorization vulnerability in Alimir WP ULike. This issue affects WP ULike: from n/a through 4.7.9.1.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
April 10th, 2025 (2 months ago)
|
CVE-2025-32244 |
Description: Missing Authorization vulnerability in QuantumCloud SEO Help allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SEO Help: from n/a through 6.6.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
April 10th, 2025 (2 months ago)
|
CVE-2025-32243 |
Description: Missing Authorization vulnerability in Toast Plugins Internal Link Optimiser allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Link Optimiser: from n/a through 5.1.2.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
April 10th, 2025 (2 months ago)
|