CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-1110 |
Description: The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings.
CVSS: MEDIUM (5.3) EPSS Score: 0.15% SSVC Exploitation: none
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-0797 |
Description: The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible for subscribers and higher to execute functions intended for admin use.
CVSS: MEDIUM (4.3) EPSS Score: 0.13% SSVC Exploitation: none
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-0699 |
Description: The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_image_from_url' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Editor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: MEDIUM (6.6) EPSS Score: 5.37% SSVC Exploitation: none
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-0324 |
Description: The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. This makes it possible for unauthenticated attackers to enable or disable the 2FA functionality present in the Premium version of the plugin for arbitrary user roles.
CVSS: HIGH (8.2) EPSS Score: 45.96% SSVC Exploitation: none
May 15th, 2025 (about 1 month ago)
|
|
CVE-2025-32922 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Tobias WP2LEADS allows Stored XSS.This issue affects WP2LEADS: from n/a through 3.5.0.
CVSS: HIGH (7.1) EPSS Score: 0.02% SSVC Exploitation: none
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-56006 |
Description: Missing Authorization vulnerability in Automattic Jetpack Debug Tools.This issue affects Jetpack Debug Tools: from n/a before 2.0.1.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-51666 |
Description: Missing Authorization vulnerability in Automattic Tours.This issue affects Tours: from n/a through 1.0.0.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2025-47580 |
Description: Missing Authorization vulnerability in Rustaurius Front End Users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Front End Users: from n/a through 3.2.32.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-22306 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hometory Mang Board WP allows Stored XSS.This issue affects Mang Board WP: from n/a through 1.7.7.
CVSS: MEDIUM (5.9) EPSS Score: 0.04% SSVC Exploitation: none
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-22293 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrea Tarantini BP Profile Search allows Reflected XSS.This issue affects BP Profile Search: from n/a through 5.5.
CVSS: HIGH (7.1) EPSS Score: 0.06% SSVC Exploitation: none
May 15th, 2025 (about 1 month ago)
|