CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-13724 |
Description: The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to increase their own wallet balance, transfer balances between arbitrary users and initiate transfer requests from other users' wallets.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
March 4th, 2025 (4 months ago)
|
|
CVE-2024-13682 |
Description: The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation in class-wallet-user-table.php. This makes it possible for unauthenticated attackers to modify wallet balances via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS: MEDIUM (4.3) EPSS Score: 0.01%
March 4th, 2025 (4 months ago)
|
|
CVE-2025-1321 |
Description: The teachPress plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tpsearch' shortcode in all versions up to, and including, 9.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
March 4th, 2025 (4 months ago)
|
|
CVE-2024-13686 |
Description: The VW Storefront theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vw_storefront_reset_all_settings() function in all versions up to, and including, 0.9.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the themes settings.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
March 4th, 2025 (4 months ago)
|
|
CVE-2025-27274 |
Description: Path Traversal vulnerability in NotFound GPX Viewer allows Path Traversal. This issue affects GPX Viewer: from n/a through 2.2.11.
CVSS: MEDIUM (4.9) EPSS Score: 0.06%
March 3rd, 2025 (4 months ago)
|
|
CVE-2025-27273 |
WordPress Affiliate Links Manager Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in winking Affiliate Links Manager allows Reflected XSS. This issue affects Affiliate Links Manager: from n/a through 1.0.
CVSS: MEDIUM (5.8) EPSS Score: 0.04%
March 3rd, 2025 (4 months ago)
|
|
CVE-2025-25137 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Social Links allows Stored XSS. This issue affects Social Links: from n/a through 1.0.11.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
March 3rd, 2025 (4 months ago)
|
|
CVE-2025-25131 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound RJ Quickcharts allows Stored XSS. This issue affects RJ Quickcharts: from n/a through 0.6.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
March 3rd, 2025 (4 months ago)
|
|
CVE-2025-25115 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Like dislike plus counter allows Stored XSS. This issue affects Like dislike plus counter: from n/a through 1.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
March 3rd, 2025 (4 months ago)
|
|
CVE-2025-25084 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound UniTimetable allows Stored XSS. This issue affects UniTimetable: from n/a through 1.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
March 3rd, 2025 (4 months ago)
|