Threat and Vulnerability Intelligence Database

CVE-2024-13878

Description: The SpotBot WordPress plugin through 0.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

EPSS Score: 0.04%

Source: CVE
March 20th, 2025 (about 1 month ago)

CVE-2024-13877

Description: The Passbeemedia Web Push Notification WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

EPSS Score: 0.04%

Source: CVE
March 20th, 2025 (about 1 month ago)

CVE-2024-13876

Description: The mEintopf WordPress plugin through 0.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

EPSS Score: 0.04%

Source: CVE
March 20th, 2025 (about 1 month ago)

CVE-2024-13875

Description: The WP-PManager WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

EPSS Score: 0.04%

Source: CVE
March 20th, 2025 (about 1 month ago)

Description: A malware operation dubbed 'DollyWay' has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites. [...]

Source: BleepingComputer
March 19th, 2025 (about 1 month ago)

CVE-2024-6244

Description: The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks.

EPSS Score: 2.79%

SSVC Exploitation: poc

Source: CVE
March 19th, 2025 (about 1 month ago)

CVE-2024-3973

Description: The House Manager WordPress plugin through 1.0.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

EPSS Score: 0.01%

SSVC Exploitation: none

Source: CVE
March 19th, 2025 (about 1 month ago)

CVE-2024-4289

Description: The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

EPSS Score: 0.03%

SSVC Exploitation: poc

Source: CVE
March 19th, 2025 (about 1 month ago)

CVE-2025-1232

Description: The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacks.

EPSS Score: 0.05%

Source: CVE
March 19th, 2025 (about 1 month ago)

CVE-2024-7713

Description: The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, allowing unauthenticated users to obtain it.

EPSS Score: 0.05%

SSVC Exploitation: poc

Source: CVE
March 18th, 2025 (about 1 month ago)