CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-24744	WordPress Bridge Core plugin <= 3.3 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in NotFound Bridge Core. This issue affects Bridge Core: from n/a through 3.3. CVSS: MEDIUM (4.3) EPSS Score: 0.04% Source: CVE January 28th, 2025 (5 months ago)
CVE-2025-24743	WordPress RomethemeKit For Elementor plugin <= 1.5.2 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor. This issue affects RomethemeKit For Elementor: from n/a through 1.5.2. CVSS: MEDIUM (4.3) EPSS Score: 0.04% Source: CVE January 28th, 2025 (5 months ago)
CVE-2025-24742	WordPress WP Google Maps plugin <= 9.0.40 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in WP Go Maps (formerly WP Google Maps) WP Go Maps. This issue affects WP Go Maps: from n/a through 9.0.40. CVSS: MEDIUM (4.3) EPSS Score: 0.06% Source: CVE January 28th, 2025 (5 months ago)
CVE-2025-24741	WordPress KB Support plugin <= 1.6.7 - Open Redirection vulnerability Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KB Support KB Support. This issue affects KB Support: from n/a through 1.6.7. CVSS: MEDIUM (4.7) EPSS Score: 0.05% Source: CVE January 28th, 2025 (5 months ago)
CVE-2025-24740	WordPress Learnpress plugin <= 4.2.7.1 - Open Redirection vulnerability Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.7.1. CVSS: MEDIUM (4.7) EPSS Score: 0.06% Source: CVE January 28th, 2025 (5 months ago)
CVE-2025-24689	WordPress Import and export users and customers plugin 1.27.12 - Sensitive Data Exposure vulnerability Description: Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in codection Import and export users and customers allows Retrieve Embedded Sensitive Data. This issue affects Import and export users and customers: from n/a through 1.27.12. CVSS: MEDIUM (5.9) EPSS Score: 0.04% Source: CVE January 28th, 2025 (5 months ago)
CVE-2025-24662	WordPress LearnDash LMS Plugin <= 4.20.0.1 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in NotFound LearnDash LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LearnDash LMS: from n/a through 4.20.0.1. CVSS: MEDIUM (5.3) EPSS Score: 0.04% Source: CVE January 28th, 2025 (5 months ago)
CVE-2025-24653	WordPress Admin and Site Enhancements (ASE) Pro Plugin <= 7.6.1.1 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.1.1. CVSS: MEDIUM (4.3) EPSS Score: 0.04% Source: CVE January 28th, 2025 (5 months ago)
CVE-2025-24628	WordPress reCaptcha by BestWebSoft Plugin <= 1.78 - Captcha Bypass vulnerability Description: Authentication Bypass by Spoofing vulnerability in BestWebSoft Google Captcha allows Identity Spoofing. This issue affects Google Captcha: from n/a through 1.78. CVSS: MEDIUM (5.3) EPSS Score: 0.04% Source: CVE January 28th, 2025 (5 months ago)
CVE-2025-24606	WordPress Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress plugin <=20.8.1 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in Sprout Invoices Client Invoicing by Sprout Invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Invoicing by Sprout Invoices: from n/a through 20.8.1. CVSS: MEDIUM (6.4) EPSS Score: 0.04% Source: CVE January 28th, 2025 (5 months ago)