CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-31894	WordPress Ebook Downloader plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infoway LLC Ebook Downloader allows Stored XSS. This issue affects Ebook Downloader: from n/a through 1.0. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-31892	WordPress WP Crowdfunding plugin <= 2.1.13 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding allows Stored XSS. This issue affects WP Crowdfunding: from n/a through 2.1.13. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-31891	WordPress Gosign – Posts Slider Block plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gosign Gosign – Posts Slider Block allows Stored XSS. This issue affects Gosign – Posts Slider Block: from n/a through 1.1.0. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-31890	WordPress Simple Map No Api plugin <= 1.9 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mashi Simple Map No Api allows Stored XSS. This issue affects Simple Map No Api: from n/a through 1.9. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-31888	WordPress WP Multi Store Locator Plugin <= 2.5.2 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in WPExperts.io WP Multistore Locator allows Cross Site Request Forgery. This issue affects WP Multistore Locator: from n/a through 2.5.2. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-31887	WordPress MyBookProgress plugin <= 1.0.8 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in zookatron MyBookProgress by Stormhill Media allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyBookProgress by Stormhill Media: from n/a through 1.0.8. CVSS: MEDIUM (4.3) EPSS Score: 0.03% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-31886	WordPress Social proof testimonials and reviews by Repuso plugin <= 5.21 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social proof testimonials and reviews by Repuso: from n/a through 5.21. CVSS: MEDIUM (4.3) EPSS Score: 0.03% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-31885	WordPress Hyperlink Group Block plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Floeter Hyperlink Group Block allows DOM-Based XSS. This issue affects Hyperlink Group Block: from n/a through 2.0.1. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-31884	WordPress Norse Rune Oracle Plugin plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP CMS Ninja Norse Rune Oracle Plugin allows Stored XSS. This issue affects Norse Rune Oracle Plugin: from n/a through 1.4.3. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-31883	WordPress WebinarPress plugin <= 1.33.27 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPWebinarSystem WebinarPress allows Stored XSS. This issue affects WebinarPress: from n/a through 1.33.27. CVSS: MEDIUM (5.9) EPSS Score: 0.03% Source: CVE April 1st, 2025 (3 months ago)