CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-10552 |
Description: The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘api_key’ and 'api_secret' parameters in all versions up to, and including, 3.14.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 3.14.25.
CVSS: MEDIUM (6.4) EPSS Score: 0.07%
January 28th, 2025 (5 months ago)
|
|
CVE-2024-10324 |
Description: The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-24755 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org PDF Invoices for WooCommerce + Drag and Drop Template Builder allows Stored XSS. This issue affects PDF Invoices for WooCommerce + Drag and Drop Template Builder: from n/a through 4.6.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
|
CVE-2025-24753 |
Description: Missing Authorization vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.3.1.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
January 25th, 2025 (5 months ago)
|
|
CVE-2025-24751 |
Description: Missing Authorization vulnerability in GoDaddy CoBlocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CoBlocks: from n/a through 3.1.13.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
|
CVE-2025-24750 |
Description: Missing Authorization vulnerability in ExactMetrics ExactMetrics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ExactMetrics: from n/a through 8.1.0.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
|
CVE-2025-24746 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup Maker Popup Maker allows Stored XSS. This issue affects Popup Maker: from n/a through 1.20.2.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
|
CVE-2025-24739 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in FluentSMTP & WPManageNinja Team FluentSMTP allows Cross Site Request Forgery. This issue affects FluentSMTP: from n/a through 2.2.80.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
|
CVE-2025-24738 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in NowButtons.com Call Now Button allows Cross Site Request Forgery. This issue affects Call Now Button: from n/a through 1.4.13.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
|
CVE-2025-24736 |
Description: Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Duplicator: from n/a through 2.35.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|