CVE-2025-1668
Description: The School Management System – WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpsp_DeleteUser() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access and above, to delete arbitrary user accounts.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
March 15th, 2025 (3 months ago)

CVE-2024-12336
Description: The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'export_all_data' function in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose sensitive affiliate data, including personally identifiable information (PII).
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
March 15th, 2025 (3 months ago)

CVE-2024-30481
Description: Broken Access Control vulnerability in Samuel Marshall JCH Optimize. This issue affects JCH Optimize: from n/a through 4.0.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.17% SSVC Exploitation: none
March 14th, 2025 (3 months ago)

CVE-2024-13772
Description: The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of randomization of a password created during Single Sign-On via Google or Facebook. This makes it possible for unauthenticated attackers to change the password of arbitrary Candidate-level users if the attacker knows the username assigned to the victim during account creation.
CVSS: MEDIUM (5.6) EPSS Score: 0.1%
March 14th, 2025 (3 months ago)

CVE-2025-1507
Description: The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to disable all features.
CVSS: MEDIUM (5.3) EPSS Score: 0.06%
March 14th, 2025 (3 months ago)

CVE-2025-1526
Description: The DethemeKit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the De Product Display Widget (countdown feature) in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
March 14th, 2025 (3 months ago)

CVE-2024-13407
Description: The Omnipress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.4 via the megamenu block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
March 14th, 2025 (3 months ago)

CVE-2025-2289
Description: The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import, export, and update theme options.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
March 14th, 2025 (3 months ago)

CVE-2025-2166
Description: The CM FAQ – Simplify support with an intuitive FAQ management tool plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVSS: MEDIUM (6.1) EPSS Score: 0.08%
March 14th, 2025 (3 months ago)

CVE-2025-1528
Description: The Search & Filter Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_meta_values' function in all versions up to, and including, 2.5.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the values of arbitrary post meta.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
March 14th, 2025 (3 months ago)