CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-30832	WordPress Themify Event Post Plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post allows DOM-Based XSS. This issue affects Themify Event Post: from n/a through 1.3.2. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30830	WordPress Cool Author Box plugin <= 2.9.9 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in Hossni Mubarak Cool Author Box allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cool Author Box: from n/a through 2.9.9. CVSS: MEDIUM (5.3) EPSS Score: 0.04% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30828	WordPress Timetics plugin <= 1.0.29 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.29. CVSS: MEDIUM (5.3) EPSS Score: 0.04% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30826	WordPress IP Locator plugin <= 4.1.0 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lannoy IP Locator allows DOM-Based XSS. This issue affects IP Locator: from n/a through 4.1.0. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30824	WordPress Textmetrics plugin <= 3.6.1 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in Israpil Textmetrics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Textmetrics: from n/a through 3.6.1. CVSS: MEDIUM (5.4) EPSS Score: 0.04% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30823	WordPress Anthologize Plugin <= 0.8.2 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Boone Gorges Anthologize allows Cross Site Request Forgery. This issue affects Anthologize: from n/a through 0.8.2. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30822	WordPress Custom Login Logo Plugin <= 1.1.7 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Hakik Zaman Custom Login Logo allows Cross Site Request Forgery. This issue affects Custom Login Logo: from n/a through 1.1.7. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30821	WordPress SNORDIAN's H5PxAPIkatchu plugin <= 0.4.14 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in otacke SNORDIAN's H5PxAPIkatchu allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects SNORDIAN's H5PxAPIkatchu: from n/a through 0.4.14. CVSS: MEDIUM (5.3) EPSS Score: 0.05% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30818	WordPress jAlbum Bridge plugin <= 2.0.17 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mlaza jAlbum Bridge allows DOM-Based XSS. This issue affects jAlbum Bridge: from n/a through 2.0.17. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30817	WordPress Z Companion plugin <= 1.0.13 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in wpzita Z Companion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Z Companion: from n/a through 1.0.13. CVSS: MEDIUM (5.4) EPSS Score: 0.04% Source: CVE March 27th, 2025 (3 months ago)