CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-25080 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gubbigubbi Kona Gallery Block allows Stored XSS. This issue affects Kona Gallery Block: from n/a through 1.7.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25079 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Garrett Grimm Simple Select All Text Box allows Stored XSS. This issue affects Simple Select All Text Box: from n/a through 3.2.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25078 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrew Norcross Google Earth Embed allows Stored XSS. This issue affects Google Earth Embed: from n/a through 1.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25077 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dugbug Easy Chart Builder for WordPress allows Stored XSS. This issue affects Easy Chart Builder for WordPress: from n/a through 1.3.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25076 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicholaswilson Graceful Email Obfuscation allows Stored XSS. This issue affects Graceful Email Obfuscation: from n/a through 0.2.2.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25073 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vasilis Triantafyllou Easy WP Tiles allows Stored XSS. This issue affects Easy WP Tiles: from n/a through 1.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|
|
CVE-2024-9661 |
Description: The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the delete_and_edit function. This makes it possible for unauthenticated attackers to delete imported content (posts, comments, users, etc.) via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|
|
CVE-2024-7425 |
Description: The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
CVSS: MEDIUM (6.8) EPSS Score: 0.05%
February 8th, 2025 (5 months ago)
|
|
CVE-2024-13841 |
Description: The Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via the 'bse-elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created with Elementor that they should not have access to.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
February 8th, 2025 (5 months ago)
|
|
CVE-2024-13492 |
Description: The Guten Free Options WordPress plugin through 0.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVSS: MEDIUM (6.1) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|