CyberAlerts

CVE-2025-47469

WordPress Media Hygiene <= 4.0.0 - Broken Access Control Vulnerability

Description: Missing Authorization vulnerability in slui Media Hygiene allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Hygiene: from n/a through 4.0.0.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE

May 7th, 2025 (about 1 month ago)

CVE-2025-47468

WordPress Hash Form <= 1.2.8 - Cross Site Request Forgery (CSRF) Vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in hashthemes Hash Form allows Cross Site Request Forgery. This issue affects Hash Form: from n/a through 1.2.8.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE

May 7th, 2025 (about 1 month ago)

CVE-2025-47467

WordPress GS Testimonial Slider <= 3.3.0 - Broken Access Control Vulnerability

Description: Missing Authorization vulnerability in GS Plugins GS Testimonial Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GS Testimonial Slider: from n/a through 3.3.0.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE

May 7th, 2025 (about 1 month ago)

CVE-2025-47466

WordPress Ultimate WP Mail <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Ultimate WP Mail allows Cross Site Request Forgery. This issue affects Ultimate WP Mail: from n/a through 1.3.4.

CVSS: MEDIUM (5.4)

EPSS Score: 0.02%

Source: CVE

May 7th, 2025 (about 1 month ago)

CVE-2025-47465

WordPress Blocksy <= 2.0.97 - Broken Access Control Vulnerability

Description: Missing Authorization vulnerability in CreativeThemes Blocksy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Blocksy: from n/a through 2.0.97.

CVSS: MEDIUM (4.9)

EPSS Score: 0.03%

Source: CVE

May 7th, 2025 (about 1 month ago)

CVE-2025-47464

WordPress Solace Extra <= 1.3.1 - Server Side Request Forgery (SSRF) Vulnerability

Description: Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra allows Server Side Request Forgery. This issue affects Solace Extra: from n/a through 1.3.1.

CVSS: MEDIUM (4.9)

EPSS Score: 0.03%

Source: CVE

May 7th, 2025 (about 1 month ago)

CVE-2025-47459

WordPress WP Fundraising Donation and Crowdfunding Platform <= 1.7.3 - Cross Site Request Forgery (CSRF) Vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in XpeedStudio WP Fundraising Donation and Crowdfunding Platform allows Cross Site Request Forgery. This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through 1.7.3.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE

May 7th, 2025 (about 1 month ago)

CVE-2025-47457

WordPress LocateAndFilter <= 1.6.16 - Broken Access Control Vulnerability

Description: Missing Authorization vulnerability in dgamoni LocateAndFilter allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LocateAndFilter: from n/a through 1.6.16.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE

May 7th, 2025 (about 1 month ago)

CVE-2025-47456

WordPress WP Gravity Forms Zendesk <= 1.1.2 - Open Redirection Vulnerability

Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Zendesk allows Phishing. This issue affects WP Gravity Forms Zendesk: from n/a through 1.1.2.

CVSS: MEDIUM (4.7)

EPSS Score: 0.03%

Source: CVE

May 7th, 2025 (about 1 month ago)

CVE-2025-47455

WordPress Integration for WooCommerce and Salesforce <= 1.7.5 - Open Redirection Vulnerability

Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Salesforce allows Phishing. This issue affects Integration for WooCommerce and Salesforce: from n/a through 1.7.5.

CVSS: MEDIUM (4.7)

EPSS Score: 0.03%

Source: CVE

May 7th, 2025 (about 1 month ago)

Threat and Vulnerability Intelligence Database

Example Searches: