CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-24679
WordPress Internal Links Manager plugin <= 2.5.2 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in webraketen Internal Links Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Links Manager: from n/a through 2.5.2.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (5 months ago)

CVE-2025-24678
WordPress Listamester Plugin <= 2.3.4 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Listamester Listamester allows Stored XSS. This issue affects Listamester: from n/a through 2.3.4.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (5 months ago)

CVE-2025-24675
WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 7.2 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osamaesh WP Visitor Statistics (Real Time Traffic) allows Stored XSS. This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 7.2.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (5 months ago)

CVE-2025-24674
WordPress ShMapper by Teplitsa Plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Teplitsa. Technologies for Social Good ShMapper by Teplitsa allows Stored XSS. This issue affects ShMapper by Teplitsa: from n/a through 1.5.0.

CVSS: MEDIUM (5.9)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (5 months ago)

CVE-2025-24673
WordPress Ketchup Shortcodes Plugin <= 0.1.2 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in AyeCode Ltd Ketchup Shortcodes allows Stored XSS. This issue affects Ketchup Shortcodes: from n/a through 0.1.2.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (5 months ago)

CVE-2025-24668
WordPress PPOM for WooCommerce plugin <= 33.0.8 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle PPOM for WooCommerce allows Stored XSS. This issue affects PPOM for WooCommerce: from n/a through 33.0.8.

CVSS: MEDIUM (5.9)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (5 months ago)

CVE-2025-24666
WordPress Hyve Lite plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeIsle AI Chatbot for WordPress – Hyve Lite allows Stored XSS. This issue affects AI Chatbot for WordPress – Hyve Lite: from n/a through 1.2.2.

CVSS: MEDIUM (5.9)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (5 months ago)

CVE-2025-24658
WordPress Auction Nudge – Your eBay on Your Site plugin <= 7.2.0 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Hawes Auction Nudge – Your eBay on Your Site allows Stored XSS. This issue affects Auction Nudge – Your eBay on Your Site: from n/a through 7.2.0.

CVSS: MEDIUM (5.9)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (5 months ago)

CVE-2025-24657
WordPress Wishlist for WooCommerce plugin <=2.1.2 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee Wishlist for WooCommerce allows Stored XSS. This issue affects Wishlist for WooCommerce: from n/a through 2.1.2.

CVSS: MEDIUM (5.9)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (5 months ago)

CVE-2025-24652
WordPress WP Duplicate plugin <= 1.1.6 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Revmakx WP Duplicate – WordPress Migration Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Duplicate – WordPress Migration Plugin: from n/a through 1.1.6.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (5 months ago)