CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-23946
WordPress Enhanced YouTube Shortcode plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in le Pixel Solitaire Enhanced YouTube Shortcode allows Stored XSS.This issue affects Enhanced YouTube Shortcode: from n/a through 2.0.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 17th, 2025 (5 months ago)

CVE-2025-23943
WordPress PDF.js Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arul PDF.js Shortcode allows Stored XSS.This issue affects PDF.js Shortcode: from n/a through 1.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 17th, 2025 (5 months ago)

CVE-2025-23941
WordPress MeinTurnierplan.de Widget Viewer plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meinturnierplan.de Team MeinTurnierplan.de Widget Viewer allows Stored XSS.This issue affects MeinTurnierplan.de Widget Viewer: from n/a through 1.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 17th, 2025 (5 months ago)

CVE-2025-23940
WordPress jupdf pdf viewer plugin <= 0.1.1 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiem Khan Image Switcher allows Stored XSS.This issue affects Image Switcher: from n/a through 0.1.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 17th, 2025 (5 months ago)

CVE-2025-23939
WordPress Image Switcher plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiem Khan Image Switcher allows Stored XSS.This issue affects Image Switcher: from n/a through 1.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 17th, 2025 (5 months ago)

CVE-2025-23936
WordPress CC Circle Progress Bar plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Harun R. Rayhan (Cr@zy Coder) CC Circle Progress Bar allows Stored XSS.This issue affects CC Circle Progress Bar: from n/a through 1.0.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 17th, 2025 (5 months ago)

CVE-2025-23934
WordPress Giveaways and Contests by PromoSimple plugin <= 1.24 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PromoSimple Giveaways and Contests by PromoSimple allows Stored XSS.This issue affects Giveaways and Contests by PromoSimple: from n/a through 1.24.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 17th, 2025 (5 months ago)

CVE-2025-23933
WordPress WpF Ultimate Carousel plugin <= 1.0.11 - Stored Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpFreeware WpF Ultimate Carousel allows Stored XSS.This issue affects WpF Ultimate Carousel: from n/a through 1.0.11.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 17th, 2025 (5 months ago)

CVE-2025-23930
WordPress PayPal Marketing Solutions plugin <= 1.2 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in iTechArt-Group PayPal Marketing Solutions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PayPal Marketing Solutions: from n/a through 1.2.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
January 17th, 2025 (5 months ago)

CVE-2025-23929
WordPress Email Capture & Lead Generation Plugin <= 1.0.2 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in wishfulthemes Email Capture & Lead Generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Email Capture & Lead Generation: from n/a through 1.0.2.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
January 17th, 2025 (5 months ago)