CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-1508 |
Description: The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to download all of a site's post content when WooCommerce is installed.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
March 12th, 2025 (3 months ago)
|
|
CVE-2025-28943 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mylo2h2s DP ALTerminator - Missing ALT manager allows Stored XSS. This issue affects DP ALTerminator - Missing ALT manager: from n/a through 1.0.2.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
March 11th, 2025 (3 months ago)
|
|
CVE-2025-28941 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in ohtan Spam Byebye allows Cross Site Request Forgery. This issue affects Spam Byebye: from n/a through 2.2.4.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
March 11th, 2025 (3 months ago)
|
|
CVE-2025-28940 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in arkapravamajumder Back To Top allows Cross Site Request Forgery. This issue affects Back To Top: from n/a through 2.0.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
March 11th, 2025 (3 months ago)
|
|
CVE-2025-28938 |
Description: Missing Authorization vulnerability in Bjoern WP Performance Pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Performance Pack: from n/a through 2.5.3.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
March 11th, 2025 (3 months ago)
|
|
CVE-2025-28937 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lavacode Lava Ajax Search allows Stored XSS. This issue affects Lava Ajax Search: from n/a through 1.1.9.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
March 11th, 2025 (3 months ago)
|
|
CVE-2025-28936 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sakurapixel Lunar allows Stored XSS. This issue affects Lunar: from n/a through 1.3.0.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
March 11th, 2025 (3 months ago)
|
|
CVE-2025-28930 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rodolphe MOULIN List Mixcloud allows Stored XSS. This issue affects List Mixcloud: from n/a through 1.4.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
March 11th, 2025 (3 months ago)
|
|
CVE-2025-28929 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vivek Marakana Tabbed Login Widget allows Stored XSS. This issue affects Tabbed Login Widget: from n/a through 1.1.2.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
March 11th, 2025 (3 months ago)
|
|
CVE-2025-28927 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in A. Chappard Display Template Name allows Cross Site Request Forgery. This issue affects Display Template Name: from n/a through 1.7.1.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
March 11th, 2025 (3 months ago)
|