CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-13218	Fast Tube <= 2.3.1 - Reflected XSS Description: The Fast Tube WordPress plugin through 2.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2024-13112	WP MediaTagger <= 4.1.1 - Reflected XSS Description: The WP MediaTagger WordPress plugin through 4.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2024-13101	WP MediaTagger <= 4.1.1 - Contributor+ Stored XSS Description: The WP MediaTagger WordPress plugin through 4.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2024-13100	Woo UPS Pickup <= 2.6.3 - Reflected XSS Description: The OPSI Israel Domestic Shipments WordPress plugin through 2.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2024-12872	Zalomení <= 1.5 - Admin+ Stored XSS Description: The Zalomení WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2024-12772	Ninja Tables < 5.0.17 - Admin+ Stored XSS Description: The Ninja Tables WordPress plugin before 5.0.17 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, leading to a Cross Site Scripting vulnerability. EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2024-12275	CanvasFlow <= 1.5.5 - Reflected XSS Description: The Canvasflow for WordPress plugin through 1.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
	Daily Dose of Dark Web Informer - January 31st, 2025 Description: This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts. Source: DarkWebInformer February 1st, 2025 (5 months ago)
	DeepSeek Jailbreak Reveals Its Entire System Prompt Description: Now we know exactly how DeepSeek was designed to work, and we may even have a clue toward its highly publicized scandal with OpenAI. Source: Dark Reading January 31st, 2025 (5 months ago)
	Community Health Center Data Breach Affects 1M Patients Description: The CHC remains operational, but a host of personal data is now in the hands of a "skilled cybercriminal," it said. Source: Dark Reading January 31st, 2025 (5 months ago)