Threat and Vulnerability Intelligence Database

CVE-2025-0845

Description: The DesignThemes Core Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.02%

Source: CVE
March 25th, 2025 (3 months ago)

CVE-2025-30623

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rachel Cherry wA11y – The Web Accessibility Toolbox allows Stored XSS. This issue affects wA11y – The Web Accessibility Toolbox: from n/a through 1.0.3.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE
March 24th, 2025 (3 months ago)

CVE-2025-30619

Description: Cross-Site Request Forgery (CSRF) vulnerability in SpeakPipe SpeakPipe allows Cross Site Request Forgery. This issue affects SpeakPipe: from n/a through 0.2.

CVSS: MEDIUM (5.4)

EPSS Score: 0.02%

Source: CVE
March 24th, 2025 (3 months ago)

CVE-2025-30617

Description: Cross-Site Request Forgery (CSRF) vulnerability in takien Rewrite allows Cross Site Request Forgery. This issue affects Rewrite: from n/a through 0.2.1.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
March 24th, 2025 (3 months ago)

CVE-2025-30610

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget allows Stored XSS. This issue affects WP Social Widget: from n/a through 2.2.6.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
March 24th, 2025 (3 months ago)

CVE-2025-30609

Description: Insertion of Sensitive Information Into Sent Data vulnerability in AppExperts AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps allows Retrieve Embedded Sensitive Data. This issue affects AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps: from n/a through 1.4.3.

CVSS: MEDIUM (5.3)

EPSS Score: 0.03%

Source: CVE
March 24th, 2025 (3 months ago)

CVE-2025-30606

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Logan Carlile Easy Page Transition allows Stored XSS. This issue affects Easy Page Transition: from n/a through 1.0.1.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE
March 24th, 2025 (3 months ago)

CVE-2025-30605

Description: Missing Authorization vulnerability in ldwin79 sourceplay-navermap allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects sourceplay-navermap: from n/a through 0.0.2.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE
March 24th, 2025 (3 months ago)

CVE-2025-30601

Description: Cross-Site Request Forgery (CSRF) vulnerability in flipdish Flipdish Ordering System allows Cross Site Request Forgery. This issue affects Flipdish Ordering System: from n/a through 1.4.16.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
March 24th, 2025 (3 months ago)

CVE-2025-30600

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thiagogsrwp WP Hotjar allows Stored XSS. This issue affects WP Hotjar: from n/a through 0.0.3.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE
March 24th, 2025 (3 months ago)