Threat and Vulnerability Intelligence Database

CVE-2025-26883

Description: Missing Authorization vulnerability in bPlugins Animated Text Block allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Animated Text Block: from n/a through 1.0.7.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2025-1488

Description: The WPO365 | MICROSOFT 365 GRAPH MAILER plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.2. This is due to insufficient validation on the redirect URL supplied via the 'redirect_to' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if (1) they can successfully trick them into performing an action and (2) the plugin is activated but not configured.

CVSS: MEDIUM (4.7)

EPSS Score: 0.02%

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2025-22633

Description: Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Matt Cromwell Give – Divi Donation Modules allows Retrieve Embedded Sensitive Data. This issue affects Give – Divi Donation Modules: from n/a through 2.0.0.

CVSS: MEDIUM (5.8)

EPSS Score: 0.04%

Source: CVE
February 23rd, 2025 (4 months ago)

CVE-2024-13728

Description: The Accept Donations with PayPal & Stripe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the rf parameter in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS: MEDIUM (6.1)

EPSS Score: 0.06%

Source: CVE
February 23rd, 2025 (4 months ago)

CVE-2025-26973

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WarfarePlugins Social Warfare allows DOM-Based XSS. This issue affects Social Warfare: from n/a through 4.5.4.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
February 22nd, 2025 (4 months ago)

CVE-2025-26764

Description: Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Distance Based Shipping Calculator: from n/a through 2.0.22.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
February 22nd, 2025 (4 months ago)

CVE-2025-26750

Description: Missing Authorization vulnerability in appsbd Vitepos allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Vitepos: from n/a through 3.1.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.02%

Source: CVE
February 22nd, 2025 (4 months ago)

CVE-2024-13564

Description: The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Writing Effect Headline shortcode in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.03%

Source: CVE
February 22nd, 2025 (4 months ago)

CVE-2024-13798

Description: The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification on form fields. This makes it possible for unauthenticated attackers to create new orders for products and mark them as paid without actually completing a payment.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE
February 22nd, 2025 (4 months ago)

CVE-2024-12467

Description: The Pago por Redsys plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Ds_MerchantParameters' parameter in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS: MEDIUM (6.1)

EPSS Score: 0.07%

Source: CVE
February 22nd, 2025 (4 months ago)