CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-26558
WordPress Aparat Responsive plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mkkmail Aparat Responsive allows DOM-Based XSS. This issue affects Aparat Responsive: from n/a through 1.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (4 months ago)

CVE-2025-26539
WordPress Embed Google Map plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in petkivim Embed Google Map allows Stored XSS. This issue affects Embed Google Map: from n/a through 3.2.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (4 months ago)

CVE-2025-26538
WordPress Prezi Embedder plugin <= 2.1 - Stored Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Rossiter Prezi Embedder allows Stored XSS. This issue affects Prezi Embedder: from n/a through 2.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (4 months ago)

CVE-2025-0837
Puzzles <= 4.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description: The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.05%

Source: CVE
February 14th, 2025 (4 months ago)

CVE-2025-0661
DethemeKit For Elementor <= 2.1.8 - Authenticated (Contributor+) Protected Post Disclosure
Description: The DethemeKit For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the duplicate_post() function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, draft, or scheduled posts that they should not have access to by duplicating the post.

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

Source: CVE
February 14th, 2025 (4 months ago)

CVE-2024-4212
Themesflat Addons For Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting in Multiple Widgets
Description: The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TF Group Image, TF Nav Menu, TF Posts, TF Woo Product Grid, TF Accordion, and TF Image Box widgets in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.08%

Source: CVE
February 14th, 2025 (4 months ago)

CVE-2024-29090
WordPress AI Engine plugin <= 2.1.4 - Server Side Request Forgery (SSRF) vulnerability
Description: Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.

CVSS: MEDIUM (6.8)

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (4 months ago)

CVE-2024-13867
Listivo - Classified Ads WordPress Theme <= 2.3.67 - Reflected Cross-Site Scripting
Description: The Listivo - Classified Ads WordPress Theme theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 2.3.67 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS: MEDIUM (6.1)

EPSS Score: 0.05%

Source: CVE
February 14th, 2025 (4 months ago)

CVE-2024-13644
DethemeKit For Elementor <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via De Gallery Widget
Description: The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's De Gallery widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.05%

Source: CVE
February 14th, 2025 (4 months ago)

CVE-2024-13639
Read More & Accordion <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary 'Read More' Post Deletion
Description: The Read More & Accordion plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the expmDeleteData() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary 'read more' posts.

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

Source: CVE
February 14th, 2025 (4 months ago)