CVE-2025-4220 |
Description: The Xavin's List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xls' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
May 7th, 2025 (about 2 months ago)
|
CVE-2025-4055 |
Description: The Multiple Post Type Order plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mpto' shortcode in all versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
May 7th, 2025 (about 2 months ago)
|
CVE-2025-4054 |
Description: The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the highlights functionality in all versions up to, and including, 4.24.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page via the search results.
CVSS: MEDIUM (6.1) EPSS Score: 0.1%
May 7th, 2025 (about 2 months ago)
|
CVE-2025-3924 |
Description: The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint. The plugin looks up the 'valid_email' value based solely on a supplied username parameter, without verifying that the requester is associated with that user account. This allows unauthenticated attackers to enumerate email addresses for any user, including administrators.
CVSS: MEDIUM (5.3) EPSS Score: 0.06%
May 7th, 2025 (about 2 months ago)
|
CVE-2025-3860 |
Description: The CarDealerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saleclass' parameter in all versions up to, and including, 6.7.2504.00 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
May 7th, 2025 (about 2 months ago)
|
CVE-2025-3853 |
Description: The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callback_generate_api_key() due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create valid API keys on behalf of other users.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
May 7th, 2025 (about 2 months ago)
|
CVE-2025-3851 |
Description: The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 1.1.0 to 2.7.13 via the show() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other users' data like email address, name, and notes.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
May 7th, 2025 (about 2 months ago)
|
CVE-2025-2821 |
Description: The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_rest_permission function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to modify plugin settings, excluding content from search results.
CVSS: MEDIUM (5.3) EPSS Score: 0.06%
May 7th, 2025 (about 2 months ago)
|
[passport-wsfed-saml2] Passport-wsfed-saml2 allows SAML Authentication Bypass via Signature Wrapping
Description: Overview
This vulnerability allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP.
Am I Affected?
You are affected by this SAML Signature Wrapping vulnerability if you are using passport-wsfed-saml2 version 4.6.3 or below, specifically under the following conditions:
- The service provider is using passport-wsfed-saml2,
- A valid SAML document signed by the Identity Provider can be obtained.
Fix
Upgrade to v4.6.4 or greater.
References
https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-wjmp-wphq-jvqf
https://github.com/auth0/passport-wsfed-saml2/commit/e5cf3cc2a53748207f7a81bfba9195c8efa94181
https://nvd.nist.gov/vuln/detail/CVE-2025-46572
https://github.com/advisories/GHSA-wjmp-wphq-jvqf
CVSS: MEDIUM (4.6) EPSS Score: 0.1%
May 6th, 2025 (about 2 months ago)
|
Description: Overview
This vulnerability allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response.
Am I Affected?
You are affected by this SAML Attribute Smuggling vulnerability if you are using passport-wsfed-saml2 version 4.6.3 or below, specifically under the following conditions:
- The service provider is using passport-wsfed-saml2,
- A valid SAML Response signed by the Identity Provider can be obtained.
Fix
Upgrade to v4.6.4 or greater.
References
https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-8gqj-226h-gm8r
https://github.com/auth0/passport-wsfed-saml2/commit/e5cf3cc2a53748207f7a81bfba9195c8efa94181
https://nvd.nist.gov/vuln/detail/CVE-2025-46573
https://github.com/advisories/GHSA-8gqj-226h-gm8r
CVSS: MEDIUM (4.6) EPSS Score: 0.08%
May 6th, 2025 (about 2 months ago)
|