CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-3598
Coupon Affiliates – Affiliate Plugin for WooCommerce <= 6.3.0 - Reflected Cross-Site Scripting via 'commission_summary' Parameter
Description: The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the commission_summary parameter in all versions up to, and including, .6.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS: MEDIUM (6.1)

EPSS Score: 0.06%

Source: CVE
April 18th, 2025 (about 2 months ago)

CVE-2025-2613
Login Manager – Design Login Page, View Login Activity, Limit Login Attempts <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting ...
Description: The Login Manager – Design Login Page, View Login Activity, Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom logo and background URLs in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVSS: MEDIUM (4.4)

EPSS Score: 0.03%

Source: CVE
April 18th, 2025 (about 2 months ago)

CVE-2024-13650
Piotnet Addons For Elementor <= 2.4.34 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description: The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'PAFE Before After Image Comparison Slider' widget in all versions up to, and including, 2.4.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.03%

Source: CVE
April 18th, 2025 (about 2 months ago)

CVE-2024-0201
The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the...
Description: The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings.

CVSS: MEDIUM (5.4)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
April 17th, 2025 (about 2 months ago)

CVE-2025-39580
WordPress Dashi <= 3.1.8 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in jidaikobo Dashi allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dashi: from n/a through 3.1.8.

CVSS: MEDIUM (5.8)

EPSS Score: 0.04%

Source: CVE
April 17th, 2025 (about 2 months ago)

CVE-2025-39562
WordPress Payment Form for PayPal Pro <= 1.1.72 - Cross Site Scripting (XSS) Vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Payment Form for PayPal Pro allows Stored XSS. This issue affects Payment Form for PayPal Pro: from n/a through 1.1.72.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (about 2 months ago)

CVE-2025-39559
WordPress Bring Fraktguiden for WooCommerce plugin <= 1.11.4 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Eivin Landa Bring Fraktguiden for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bring Fraktguiden for WooCommerce: from n/a through 1.11.4.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (about 2 months ago)

CVE-2025-39554
WordPress AI Text to Speech plugin <= 3.0.3 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Elliot Sowersby / RelyWP AI Text to Speech allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Text to Speech: from n/a through 3.0.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.05%

Source: CVE
April 17th, 2025 (about 2 months ago)

CVE-2025-39457
WordPress Booking and Rental Manager plugin <= 2.2.8 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking and Rental Manager: from n/a through 2.2.8.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
April 17th, 2025 (about 2 months ago)

CVE-2025-39456
WordPress WP Logger plugin <= 2.2 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in iTRON WP Logger allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logger: from n/a through 2.2.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
April 17th, 2025 (about 2 months ago)