CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-31607	WordPress Simple-Audioplayer plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flomei Simple-Audioplayer allows Stored XSS. This issue affects Simple-Audioplayer: from n/a through 1.1. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 31st, 2025 (3 months ago)
CVE-2025-31606	WordPress SP Blog Designer plugin <= 1.0.0 - Arbitrary Shortcode Execution vulnerability Description: Missing Authorization vulnerability in softpulseinfotech SP Blog Designer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SP Blog Designer: from n/a through 1.0.0. CVSS: MEDIUM (4.8) EPSS Score: 0.03% Source: CVE March 31st, 2025 (3 months ago)
CVE-2025-31605	WordPress Welcome Popup plugin <= 1.0.10 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WeblineIndia Welcome Popup allows Stored XSS. This issue affects Welcome Popup: from n/a through 1.0.10. CVSS: MEDIUM (5.9) EPSS Score: 0.03% Source: CVE March 31st, 2025 (3 months ago)
CVE-2025-31604	WordPress Cal.com plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Cal.com Cal.com allows Stored XSS. This issue affects Cal.com: from n/a through 1.0.0. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 31st, 2025 (3 months ago)
CVE-2025-31603	WordPress CF7 Spreadsheets plugin <= 2.3.2 - Settings Change vulnerability Description: Missing Authorization vulnerability in moshensky CF7 Spreadsheets allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 Spreadsheets: from n/a through 2.3.2. CVSS: MEDIUM (5.4) EPSS Score: 0.04% Source: CVE March 31st, 2025 (3 months ago)
CVE-2025-31602	WordPress Apimo Connector plugin <= 2.6.3.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in apimofficiel Apimo Connector allows Cross Site Request Forgery. This issue affects Apimo Connector: from n/a through 2.6.3.1. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE March 31st, 2025 (3 months ago)
CVE-2025-31601	WordPress Appointy Appointment Scheduler plugin <= 4.2.1 - CSRF to Settings Change vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in appointy Appointy Appointment Scheduler allows Cross Site Request Forgery. This issue affects Appointy Appointment Scheduler: from n/a through 4.2.1. CVSS: MEDIUM (6.5) EPSS Score: 0.02% Source: CVE March 31st, 2025 (3 months ago)
CVE-2025-31600	WordPress DesignO plugin <= 2.2.0 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in designnbuy DesignO allows Cross Site Request Forgery. This issue affects DesignO: from n/a through 2.2.0. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE March 31st, 2025 (3 months ago)
CVE-2025-31598	WordPress Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin <= 4.0.0 - Stored Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Quantity Dynamic Pricing & Bulk Discounts for WooCommerce allows Stored XSS. This issue affects Quantity Dynamic Pricing & Bulk Discounts for WooCommerce: from n/a through 4.0.0. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 31st, 2025 (3 months ago)
CVE-2025-31597	WordPress Ultimate Live Cricket WordPress Lite plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in crazycric Ultimate Live Cricket WordPress Lite allows Stored XSS. This issue affects Ultimate Live Cricket WordPress Lite: from n/a through 1.4.2. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 31st, 2025 (3 months ago)