CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-28941	WordPress SPAM-BYBYE Plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in ohtan Spam Byebye allows Cross Site Request Forgery. This issue affects Spam Byebye: from n/a through 2.2.4. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE March 11th, 2025 (3 months ago)
CVE-2025-28940	WordPress Back To Top Plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in arkapravamajumder Back To Top allows Cross Site Request Forgery. This issue affects Back To Top: from n/a through 2.0. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE March 11th, 2025 (3 months ago)
CVE-2025-28938	WordPress WP Performance Pack plugin <= 2.5.3 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in Bjoern WP Performance Pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Performance Pack: from n/a through 2.5.3. CVSS: MEDIUM (4.3) EPSS Score: 0.04% Source: CVE March 11th, 2025 (3 months ago)
CVE-2025-28937	WordPress Lava Ajax Search plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lavacode Lava Ajax Search allows Stored XSS. This issue affects Lava Ajax Search: from n/a through 1.1.9. CVSS: MEDIUM (5.9) EPSS Score: 0.04% Source: CVE March 11th, 2025 (3 months ago)
CVE-2025-28936	WordPress Lunar plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sakurapixel Lunar allows Stored XSS. This issue affects Lunar: from n/a through 1.3.0. CVSS: MEDIUM (5.9) EPSS Score: 0.04% Source: CVE March 11th, 2025 (3 months ago)
CVE-2025-28930	WordPress List Mixcloud plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rodolphe MOULIN List Mixcloud allows Stored XSS. This issue affects List Mixcloud: from n/a through 1.4. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 11th, 2025 (3 months ago)
CVE-2025-28929	WordPress Tabbed Login Widget plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vivek Marakana Tabbed Login Widget allows Stored XSS. This issue affects Tabbed Login Widget: from n/a through 1.1.2. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 11th, 2025 (3 months ago)
CVE-2025-28927	WordPress Display Template Name plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in A. Chappard Display Template Name allows Cross Site Request Forgery. This issue affects Display Template Name: from n/a through 1.7.1. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE March 11th, 2025 (3 months ago)
CVE-2025-28926	WordPress Post Read Time plugin <= 1.2.6 - Stored Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in popeating Post Read Time allows Stored XSS. This issue affects Post Read Time: from n/a through 1.2.6. CVSS: MEDIUM (5.9) EPSS Score: 0.04% Source: CVE March 11th, 2025 (3 months ago)
CVE-2025-28920	WordPress Responsive Google Map plugin <= 3.1.5 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in Jogesh Responsive Google Map allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Google Map: from n/a through 3.1.5. CVSS: MEDIUM (5.3) EPSS Score: 0.04% Source: CVE March 11th, 2025 (3 months ago)