CVE-2025-22721 |
Description: Missing Authorization vulnerability in Farhan Noor ApplyOnline – Application Form Builder and Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ApplyOnline – Application Form Builder and Manager: from n/a through 2.6.7.1.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|
CVE-2025-22718 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roninwp FAT Event Lite allows Stored XSS. This issue affects FAT Event Lite: from n/a through 1.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|
CVE-2025-22661 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita.com Online Payments – Get Paid with PayPal, Square & Stripe allows Stored XSS. This issue affects Online Payments – Get Paid with PayPal, Square & Stripe: from n/a through 3.20.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|
CVE-2025-22276 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Enguerran Weiss Related Post Shortcode allows Stored XSS. This issue affects Related Post Shortcode: from n/a through 1.2.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|
CVE-2025-22267 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruce Wampler Weaver Themes Shortcode Compatibility allows Stored XSS. This issue affects Weaver Themes Shortcode Compatibility: from n/a through 1.0.4.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|
CVE-2025-22262 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Bonjour Bar allows Stored XSS. This issue affects Bonjour Bar: from n/a through 1.0.0.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|
CVE-2025-0450 |
Description: The Betheme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom JS functionality in all versions up to, and including, 27.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
January 22nd, 2025 (5 months ago)
|
CVE-2025-0371 |
Description: The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.7.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
January 22nd, 2025 (5 months ago)
|
CVE-2024-56277 |
Description: Improper Encoding or Escaping of Output vulnerability in Poll Maker Team Poll Maker. This issue affects Poll Maker: from n/a through n/a.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|
CVE-2024-13536 |
Description: The 1003 Mortgage Application plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.87. This is due to the /inc/class/fnm/export.php file being publicly accessible with error logging enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
January 22nd, 2025 (5 months ago)
|