CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-24782	WordPress Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin <= 1.6.10 - Local File Inclusion vulner... Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows PHP Local File Inclusion. This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.10. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE January 28th, 2025 (6 months ago)
CVE-2025-24754	WordPress Houzez theme <= 3.4.0 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in Houzez.co Houzez. This issue affects Houzez: from n/a through 3.4.0. CVSS: MEDIUM (4.3) EPSS Score: 0.04% Source: CVE January 28th, 2025 (6 months ago)
CVE-2025-24747	WordPress Houzez theme <= 3.4.0 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in Houzez.co Houzez. This issue affects Houzez: from n/a through 3.4.0. CVSS: MEDIUM (5.3) EPSS Score: 0.04% Source: CVE January 28th, 2025 (6 months ago)
CVE-2025-24744	WordPress Bridge Core plugin <= 3.3 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in NotFound Bridge Core. This issue affects Bridge Core: from n/a through 3.3. CVSS: MEDIUM (4.3) EPSS Score: 0.04% Source: CVE January 28th, 2025 (6 months ago)
CVE-2025-24743	WordPress RomethemeKit For Elementor plugin <= 1.5.2 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor. This issue affects RomethemeKit For Elementor: from n/a through 1.5.2. CVSS: MEDIUM (4.3) EPSS Score: 0.04% Source: CVE January 28th, 2025 (6 months ago)
CVE-2025-24742	WordPress WP Google Maps plugin <= 9.0.40 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in WP Go Maps (formerly WP Google Maps) WP Go Maps. This issue affects WP Go Maps: from n/a through 9.0.40. CVSS: MEDIUM (4.3) EPSS Score: 0.06% Source: CVE January 28th, 2025 (6 months ago)
CVE-2025-24741	WordPress KB Support plugin <= 1.6.7 - Open Redirection vulnerability Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KB Support KB Support. This issue affects KB Support: from n/a through 1.6.7. CVSS: MEDIUM (4.7) EPSS Score: 0.05% Source: CVE January 28th, 2025 (6 months ago)
CVE-2025-24740	WordPress Learnpress plugin <= 4.2.7.1 - Open Redirection vulnerability Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.7.1. CVSS: MEDIUM (4.7) EPSS Score: 0.06% Source: CVE January 28th, 2025 (6 months ago)
CVE-2025-24689	WordPress Import and export users and customers plugin 1.27.12 - Sensitive Data Exposure vulnerability Description: Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in codection Import and export users and customers allows Retrieve Embedded Sensitive Data. This issue affects Import and export users and customers: from n/a through 1.27.12. CVSS: MEDIUM (5.9) EPSS Score: 0.04% Source: CVE January 28th, 2025 (6 months ago)
CVE-2025-24662	WordPress LearnDash LMS Plugin <= 4.20.0.1 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in NotFound LearnDash LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LearnDash LMS: from n/a through 4.20.0.1. CVSS: MEDIUM (5.3) EPSS Score: 0.04% Source: CVE January 28th, 2025 (6 months ago)