CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-46517	WordPress Blog Manager WP <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdiscover Blog Manager WP allows Stored XSS. This issue affects Blog Manager WP: from n/a through 1.0.5. CVSS: MEDIUM (5.9) EPSS Score: 0.03% Source: CVE April 24th, 2025 (2 months ago)
CVE-2025-46513	WordPress All in One Time Clock Lite <= 1.3.324 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Codebangers All in One Time Clock Lite allows Cross Site Request Forgery. This issue affects All in One Time Clock Lite: from n/a through 1.3.324. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE April 24th, 2025 (2 months ago)
CVE-2025-46511	WordPress BeerXML Shortcode <= 0.71 - Server Side Request Forgery (SSRF) Vulnerability Description: Server-Side Request Forgery (SSRF) vulnerability in Derek Springer BeerXML Shortcode allows Server Side Request Forgery. This issue affects BeerXML Shortcode: from n/a through 0.71. CVSS: MEDIUM (6.4) EPSS Score: 0.03% Source: CVE April 24th, 2025 (2 months ago)
CVE-2025-46509	WordPress 360 View <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrey Mikhalchuk 360 View allows Stored XSS. This issue affects 360 View: from n/a through 1.1.0. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 24th, 2025 (2 months ago)
CVE-2025-46505	WordPress Peekaboo <= 1.1 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in farinspace Peekaboo allows Stored XSS. This issue affects Peekaboo: from n/a through 1.1. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 24th, 2025 (2 months ago)
CVE-2025-46503	WordPress Simple Google Photos Grid <= 1.5 - Server Side Request Forgery (SSRF) Vulnerability Description: Server-Side Request Forgery (SSRF) vulnerability in josheli Simple Google Photos Grid allows Server Side Request Forgery. This issue affects Simple Google Photos Grid: from n/a through 1.5. CVSS: MEDIUM (4.9) EPSS Score: 0.03% Source: CVE April 24th, 2025 (2 months ago)
CVE-2025-46501	WordPress Mixcloud Embed <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in biancardi Mixcloud Embed allows Stored XSS. This issue affects Mixcloud Embed: from n/a through 2.2.0. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 24th, 2025 (2 months ago)
CVE-2025-46498	WordPress Zalo Official Live Chat <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in nghialuu Zalo Official Live Chat allows Cross Site Request Forgery. This issue affects Zalo Official Live Chat: from n/a through 1.0.0. CVSS: MEDIUM (5.4) EPSS Score: 0.02% Source: CVE April 24th, 2025 (2 months ago)
CVE-2025-46496	WordPress Mini twitter feed <= 3.0 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oniswap Mini twitter feed allows Stored XSS. This issue affects Mini twitter feed: from n/a through 3.0. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 24th, 2025 (2 months ago)
CVE-2025-46495	WordPress Drop Caps plugin <= 2.1 - CSRF to XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in tomontoast Drop Caps allows Stored XSS. This issue affects Drop Caps: from n/a through 2.1. CVSS: MEDIUM (6.5) EPSS Score: 0.01% Source: CVE April 24th, 2025 (2 months ago)