CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-31885	WordPress Hyperlink Group Block plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Floeter Hyperlink Group Block allows DOM-Based XSS. This issue affects Hyperlink Group Block: from n/a through 2.0.1. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-31884	WordPress Norse Rune Oracle Plugin plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP CMS Ninja Norse Rune Oracle Plugin allows Stored XSS. This issue affects Norse Rune Oracle Plugin: from n/a through 1.4.3. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-31883	WordPress WebinarPress plugin <= 1.33.27 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPWebinarSystem WebinarPress allows Stored XSS. This issue affects WebinarPress: from n/a through 1.33.27. CVSS: MEDIUM (5.9) EPSS Score: 0.03% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-31882	WordPress WordPress Webinar Plugin <= 1.33.27 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in WPWebinarSystem WebinarPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WebinarPress: from n/a through 1.33.27. CVSS: MEDIUM (4.3) EPSS Score: 0.03% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-31881	WordPress Pearl plugin <= 1.3.9 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in Stylemix Pearl allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pearl: from n/a through 1.3.9. CVSS: MEDIUM (5.4) EPSS Score: 0.04% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-31880	WordPress Pearl plugin <= 1.3.9 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Stylemix Pearl allows Cross Site Request Forgery. This issue affects Pearl: from n/a through 1.3.9. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-31879	WordPress Barcode Generator for WooCommerce plugin <= 2.0.4 - Settings Change vulnerability Description: Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Barcode Generator for WooCommerce: from n/a through 2.0.4. CVSS: MEDIUM (5.4) EPSS Score: 0.04% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-31878	WordPress UPC/EAN/GTIN Code Generator plugin <= 2.0.2 - Settings Change vulnerability Description: Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UPC/EAN/GTIN Code Generator: from n/a through 2.0.2. CVSS: MEDIUM (5.4) EPSS Score: 0.04% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-31877	WordPress RestroPress plugin <= 3.1.8.4 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in Magnigenie RestroPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RestroPress: from n/a through 3.1.8.4. CVSS: MEDIUM (4.3) EPSS Score: 0.03% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-31875	WordPress FancyPost plugin <= 6.0.1 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluginic FancyPost allows DOM-Based XSS. This issue affects FancyPost: from n/a through 6.0.1. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 1st, 2025 (3 months ago)