CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-0859 |
Description: The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.27.6 via the template_via_url() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
CVSS: MEDIUM (6.5) EPSS Score: 0.07%
February 7th, 2025 (5 months ago)
|
|
CVE-2024-33542 |
Description: Authorization Bypass Through User-Controlled Key vulnerability in Fabio Rinaldi Crelly Slider.This issue affects Crelly Slider: from n/a through 1.4.5.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
February 6th, 2025 (5 months ago)
|
|
CVE-2024-13829 |
Description: The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.0.8 via the 'attachments.php' file. This makes it possible for unauthenticated attackers to extract sensitive data including files uploaded via forms.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
February 6th, 2025 (5 months ago)
|
|
CVE-2025-22730 |
Description: Missing Authorization vulnerability in Ksher Ksher allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ksher: from n/a through 1.1.2.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2025-22697 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows Reflected XSS. This issue affects Responsive Blocks: from n/a through 1.9.9.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
February 5th, 2025 (5 months ago)
|
|
CVE-2025-22696 |
Description: Missing Authorization vulnerability in EmbedPress Document Block – Upload & Embed Docs. This issue affects Document Block – Upload & Embed Docs: from n/a through 1.1.0.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2025-22675 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Alert Box Block – Display notice/alerts in the front end allows Stored XSS. This issue affects Alert Box Block – Display notice/alerts in the front end: from n/a through 1.1.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2025-22674 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Get Bowtied Product Blocks for WooCommerce allows Stored XSS. This issue affects Product Blocks for WooCommerce: from n/a through 1.9.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2025-22664 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS. This issue affects Survey Maker: from n/a through 5.1.3.5.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2025-22662 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SendPulse SendPulse Email Marketing Newsletter allows Stored XSS. This issue affects SendPulse Email Marketing Newsletter: from n/a through 2.1.5.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|