CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-26996	WordPress Sign-up Sheets plugin <= 2.3.0.1 - Shortcode Injection vulnerability Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Fetch Designs Sign-up Sheets allows Code Injection. This issue affects Sign-up Sheets: from n/a through 2.3.0.1. CVSS: MEDIUM (6.5) EPSS Score: 0.05% Source: CVE April 15th, 2025 (about 2 months ago)
CVE-2025-26951	WordPress C9 Blocks plugin <= 1.7.7 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in covertnine C9 Blocks allows DOM-Based XSS. This issue affects C9 Blocks: from n/a through 1.7.7. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 15th, 2025 (about 2 months ago)
CVE-2025-26950	WordPress Nepali Date Converter plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddonsPress Nepali Date Converter allows Stored XSS. This issue affects Nepali Date Converter: from n/a through 2.0.8. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 15th, 2025 (about 2 months ago)
CVE-2025-26934	WordPress Glossy Blog theme <= 1.0.3 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in graphthemes Glossy Blog allows Stored XSS. This issue affects Glossy Blog: from n/a through 1.0.3. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 15th, 2025 (about 2 months ago)
CVE-2025-26930	WordPress Home Services plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alleythemes Home Services allows DOM-Based XSS. This issue affects Home Services: from n/a through 1.2.6. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 15th, 2025 (about 2 months ago)
CVE-2025-26919	WordPress Tainá plugin <= 0.2.2 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tainacan Tainá allows Stored XSS. This issue affects Tainá: from n/a through 0.2.2. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 15th, 2025 (about 2 months ago)
CVE-2025-26906	WordPress WP Delete User Accounts plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ren Ventura WP Delete User Accounts allows DOM-Based XSS. This issue affects WP Delete User Accounts: from n/a through 1.2.3. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 15th, 2025 (about 2 months ago)
CVE-2025-26903	WordPress InPost Gallery plugin <= 2.1.4.3 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 InPost Gallery allows Cross Site Request Forgery. This issue affects InPost Gallery: from n/a through 2.1.4.3. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE April 15th, 2025 (about 2 months ago)
CVE-2025-26880	WordPress SKT Skill Bar plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Skill Bar allows Stored XSS. This issue affects SKT Skill Bar: from n/a through 2.3. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 15th, 2025 (about 2 months ago)
CVE-2025-26870	WordPress JetEngine plugin <= 3.6.4.1 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound JetEngine allows DOM-Based XSS. This issue affects JetEngine: from n/a through 3.6.4.1. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 15th, 2025 (about 2 months ago)