CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-25146	WordPress Songkick Concerts and Festivals plugin <= 0.9.7 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in saleandro Songkick Concerts and Festivals allows Cross Site Request Forgery. This issue affects Songkick Concerts and Festivals: from n/a through 0.9.7. CVSS: MEDIUM (4.3) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25145	WordPress Infusionsoft Analytics Plugin <= 2.0 - Cross-Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in jordan.hatch Infusionsoft Analytics allows Cross Site Request Forgery. This issue affects Infusionsoft Analytics: from n/a through 2.0. CVSS: MEDIUM (5.4) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25143	WordPress GlobalQuran Plugin <= 1.0 - CSRF to Settings Change vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in ibasit GlobalQuran allows Cross Site Request Forgery. This issue affects GlobalQuran: from n/a through 1.0. CVSS: MEDIUM (4.3) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25136	WordPress Optimate Ads plugin <= 1.0.3 - Cross-Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shujahat21 Optimate Ads allows Stored XSS. This issue affects Optimate Ads: from n/a through 1.0.3. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25120	WordPress Slide Banners plugin <= 1.3 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in Melodic Media Slide Banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slide Banners: from n/a through 1.3. CVSS: MEDIUM (4.3) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25117	WordPress Smart Countdown FX plugin <= 1.5.5 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Polonski Smart Countdown FX allows Stored XSS. This issue affects Smart Countdown FX: from n/a through 1.5.5. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25111	WordPress WP Spell Check Plugin <= 9.21 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check WP Spell Check allows Cross Site Request Forgery. This issue affects WP Spell Check: from n/a through 9.21. CVSS: MEDIUM (5.4) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25110	WordPress Event Kikfyre plugin <= 2.1.8 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in Metagauss Event Kikfyre allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Event Kikfyre: from n/a through 2.1.8. CVSS: MEDIUM (5.4) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25105	WordPress Pop Up Plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in coffeestudios Pop Up allows Stored XSS. This issue affects Pop Up: from n/a through 0.1. CVSS: MEDIUM (5.9) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25103	WordPress Indeed API Plugin <= 0.5 - CSRF to Settings Change vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in bnielsen Indeed API allows Cross Site Request Forgery. This issue affects Indeed API: from n/a through 0.5. CVSS: MEDIUM (4.3) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)