CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-13627 |
Description: The OWL Carousel Slider WordPress plugin through 2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVSS: MEDIUM (4.7) EPSS Score: 0.05%
February 18th, 2025 (4 months ago)
|
|
CVE-2024-13608 |
Description: The Track Logins WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
CVSS: MEDIUM (4.7) EPSS Score: 0.03%
February 18th, 2025 (4 months ago)
|
|
CVE-2025-26779 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fahad Mahmood Keep Backup Daily allows Path Traversal. This issue affects Keep Backup Daily: from n/a through 2.1.0.
CVSS: MEDIUM (4.9) EPSS Score: 0.04%
February 17th, 2025 (4 months ago)
|
|
CVE-2025-26767 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely – Advanced Gutenberg Blocks allows Stored XSS. This issue affects Qubely – Advanced Gutenberg Blocks: from n/a through 1.8.12.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 17th, 2025 (4 months ago)
|
|
CVE-2025-26766 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VaultDweller Leyka allows Stored XSS. This issue affects Leyka: from n/a through 3.31.8.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 17th, 2025 (4 months ago)
|
|
CVE-2025-26765 |
Description: Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Distance Based Shipping Calculator: from n/a through 2.0.22.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
February 17th, 2025 (4 months ago)
|
|
CVE-2025-26761 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Easy Elementor Addons allows DOM-Based XSS. This issue affects Easy Elementor Addons: from n/a through 2.1.5.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 17th, 2025 (4 months ago)
|
|
CVE-2025-23975 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Botnet Attack Blocker allows Stored XSS. This issue affects Botnet Attack Blocker: from n/a through 2.0.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 17th, 2025 (4 months ago)
|
|
CVE-2025-22689 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Levan Tarbor Forex Calculators allows Stored XSS. This issue affects Forex Calculators: from n/a through 1.3.6.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 17th, 2025 (4 months ago)
|
|
CVE-2025-22676 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in upcasted AWS S3 for WordPress Plugin – Upcasted allows Stored XSS. This issue affects AWS S3 for WordPress Plugin – Upcasted: from n/a through 3.0.3.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 17th, 2025 (4 months ago)
|