CVE-2024-10970 |
Description: The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.
CVSS: MEDIUM (5.4) EPSS Score: 0.05%
January 17th, 2025 (5 months ago)
|
CVE-2024-10789 |
Description: The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupa_user_admin() function. This makes it possible for unauthenticated attackers to update the plugin's setting which controls access to the functionality via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
January 17th, 2025 (5 months ago)
|
CVE-2025-22798 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CHR Designer Responsive jQuery Slider allows Stored XSS. This issue affects Responsive jQuery Slider: from n/a through 1.1.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 16th, 2025 (5 months ago)
|
CVE-2025-22797 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oğulcan Özügenç Gallery and Lightbox allows Stored XSS. This issue affects Gallery and Lightbox: from n/a through 1.0.14.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 16th, 2025 (5 months ago)
|
CVE-2025-22788 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codexpert, Inc CoDesigner WooCommerce Builder for Elementor allows Stored XSS. This issue affects CoDesigner WooCommerce Builder for Elementor: from n/a through 4.7.17.2.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
January 16th, 2025 (5 months ago)
|
CVE-2025-22787 |
Description: Missing Authorization vulnerability in bPlugins LLC Button Block allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Button Block: from n/a through 1.1.5.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 16th, 2025 (5 months ago)
|
CVE-2025-22781 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nativery Developer Nativery allows DOM-Based XSS. This issue affects Nativery: from n/a through 0.1.6.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 16th, 2025 (5 months ago)
|
CVE-2025-22780 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexey Yuzhakov wp-pano allows Stored XSS. This issue affects wp-pano: from n/a through 1.17.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 16th, 2025 (5 months ago)
|
CVE-2025-22779 |
Description: Missing Authorization vulnerability in Ugur CELIK WP News Sliders allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP News Sliders: from n/a through 1.0.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 16th, 2025 (5 months ago)
|
CVE-2025-22773 |
Description: Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in WPChill Htaccess File Editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Htaccess File Editor: from n/a through 1.0.19.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
January 16th, 2025 (5 months ago)
|