CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-22665	WordPress RapidLoad plugin <= 2.4.4 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in Shakeeb Sadikeen RapidLoad allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RapidLoad: from n/a through 2.4.4. CVSS: MEDIUM (4.3) EPSS Score: 0.03% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-22660	WordPress Include Mastodon Feed plugin <= 1.9.9 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wolfgang Include Mastodon Feed allows DOM-Based XSS.This issue affects Include Mastodon Feed: from n/a through 1.9.9. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-26738	WordPress Quick Interest Slider plugin <= 3.1.3 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Graham Quick Interest Slider allows DOM-Based XSS.This issue affects Quick Interest Slider: from n/a through 3.1.3. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-26737	WordPress City Store theme <= 1.4.5 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes City Store allows DOM-Based XSS.This issue affects City Store: from n/a through 1.4.5. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30925	WordPress The Pack Elementor addons plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon The Pack Elementor addons allows Stored XSS. This issue affects The Pack Elementor addons: from n/a through 2.1.1. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30923	WordPress Gift Message for WooCommerce plugin <= 1.7.8 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in powerfulwp Gift Message for WooCommerce allows Cross Site Request Forgery. This issue affects Gift Message for WooCommerce: from n/a through 1.7.8. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30922	WordPress Simplebooklet PDF Viewer and Embedder plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in simplebooklet Simplebooklet PDF Viewer and Embedder allows Stored XSS. This issue affects Simplebooklet PDF Viewer and Embedder: from n/a through 1.1.1. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30920	WordPress WP Posts Carousel plugin <= 1.3.7 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through 1.3.7. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30918	WordPress Structured Content plugin 1.6.3 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codemacher Structured Content allows Stored XSS. This issue affects Structured Content: from n/a through 1.6.3. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30914	WordPress Metform Elementor Contact Form Builder plugin <= 3.9.2 - Server Side Request Forgery (SSRF) vulnerability Description: Server-Side Request Forgery (SSRF) vulnerability in XpeedStudio Metform allows Server Side Request Forgery. This issue affects Metform: from n/a through 3.9.2. CVSS: MEDIUM (4.4) EPSS Score: 0.03% Source: CVE March 27th, 2025 (3 months ago)