CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-23561	WordPress MLL Audio Player MP3 Ajax plugin <= 0.7 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound MLL Audio Player MP3 Ajax allows Stored XSS. This issue affects MLL Audio Player MP3 Ajax: from n/a through 0.7. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2025-23527	WordPress WC Wallet plugin <= 2.2.0 - Arbitrary Content Deletion vulnerability Description: Missing Authorization vulnerability in Hemnath Mouli WC Wallet allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WC Wallet: from n/a through 2.2.0. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2025-22704	WordPress Signature plugin <= 0.1 - Cross Site Request Forgery ( CSRF ) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Abinav Thakuri WordPress Signature allows Cross Site Request Forgery. This issue affects WordPress Signature: from n/a through 0.1. CVSS: MEDIUM (5.4) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2025-22701	WordPress Traveler Layout Essential For Elementor plugin <= 1.0.8 - Server Side Request Forgery (SSRF) vulnerability Description: Server-Side Request Forgery (SSRF) vulnerability in NotFound Traveler Layout Essential For Elementor. This issue affects Traveler Layout Essential For Elementor: from n/a through 1.0.8. CVSS: MEDIUM (5.4) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2025-22695	WordPress Nirweb support plugin <= 3.0.3 - Broken Access Control vulnerability Description: Authorization Bypass Through User-Controlled Key vulnerability in NirWp Team Nirweb support. This issue affects Nirweb support: from n/a through 3.0.3. CVSS: MEDIUM (4.3) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2025-22694	WordPress Hide Shipping Method For WooCommerce plugin <= 1.5.0 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in theDotstore Hide Shipping Method For WooCommerce. This issue affects Hide Shipping Method For WooCommerce: from n/a through 1.5.0. CVSS: MEDIUM (4.3) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2025-22686	WordPress CF7 Google Sheets Connector plugin <= 5.0.17 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in GSheetConnector CF7 Google Sheets Connector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 Google Sheets Connector: from n/a through 5.0.17. CVSS: MEDIUM (5.3) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2025-22683	WordPress NotificationX plugin <= 2.9.5 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper NotificationX allows Stored XSS. This issue affects NotificationX: from n/a through 2.9.5. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2025-22681	WordPress Content Cloner plugin <= 1.0.1 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in Xfinity Soft Content Cloner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Cloner: from n/a through 1.0.1. CVSS: MEDIUM (4.3) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2025-22677	WordPress Uix Shortcodes plugin <= 2.0.3 - Arbitrary Shortcode Execution vulnerability Description: Missing Authorization vulnerability in UIUX Lab Uix Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uix Shortcodes: from n/a through 2.0.3. CVSS: MEDIUM (4.8) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)