CyberAlerts

CVE-2024-1319

Event Tickets Plus < 5.9.1 - Contributor+ Attendees Lists Disclosure

Description: The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. (e.g. draft, private, pending review, password-protected, and trashed posts).

CVSS: MEDIUM (4.3)

EPSS Score: 0.1%

SSVC Exploitation: poc

Source: CVE

March 27th, 2025 (3 months ago)

CVE-2025-26762

WordPress WooCommerce plugin <= 9.7.0 - Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce allows Stored XSS.This issue affects WooCommerce: from n/a through 9.7.0.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE

March 27th, 2025 (3 months ago)

CVE-2025-22659

WordPress Orbit Fox by ThemeIsle plugin <= 2.10.44 - Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through 2.10.44.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

March 27th, 2025 (3 months ago)

CVE-2025-22649

WordPress WP Project Manager plugin <= 2.6.22 - Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager wedevs-project-manager allows Stored XSS.This issue affects WP Project Manager: from n/a through 2.6.22.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE

March 27th, 2025 (3 months ago)

CVE-2025-22648

WordPress Blog, Posts and Category Filter for Elementor plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plugin Devs Blog, Posts and Category Filter for Elementor allows Stored XSS.This issue affects Blog, Posts and Category Filter for Elementor: from n/a through 2.0.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

March 27th, 2025 (3 months ago)

CVE-2025-22647

WordPress AIO Performance Profiler plugin <= 1.2 - Broken Access Control vulnerability

Description: Missing Authorization vulnerability in smackcoders AIO Performance Profiler, Monitor, Optimize, Compress & Debug allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO Performance Profiler, Monitor, Optimize, Compress & Debug: from n/a through 1.2.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE

March 27th, 2025 (3 months ago)

CVE-2025-22646

WordPress aThemes Addons for Elementor plugin <= 1.0.8 - Stored Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aThemes aThemes Addons for Elementor allows Stored XSS.This issue affects aThemes Addons for Elementor: from n/a through 1.0.8.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE

March 27th, 2025 (3 months ago)

CVE-2025-22644

WordPress Vayu Blocks – Gutenberg Blocks plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce allows Stored XSS.This issue affects Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce: from n/a through 1.2.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE

March 27th, 2025 (3 months ago)

CVE-2025-22640

WordPress Paytm Payment Donation Plugin <= 2.3.3 - Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paytm Paytm Payment Donation allows Stored XSS.This issue affects Paytm Payment Donation: from n/a through 2.3.3.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE

March 27th, 2025 (3 months ago)

CVE-2025-22638

WordPress Product Table For WooCommerce Plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Acowebs Product Table For WooCommerce allows Stored XSS.This issue affects Product Table For WooCommerce: from n/a through 1.2.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

March 27th, 2025 (3 months ago)

Threat and Vulnerability Intelligence Database

Example Searches: