CVE-2024-23513 |
Description: Deserialization of Untrusted Data vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.5.
CVSS: HIGH (8.7) EPSS Score: 0.31% SSVC Exploitation: none
May 7th, 2025 (about 1 month ago)
|
CVE-2024-23512 |
Description: Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks. This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4.
CVSS: HIGH (8.7) EPSS Score: 0.22% SSVC Exploitation: none
May 7th, 2025 (about 1 month ago)
|
CVE-2024-0963 |
Description: The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on the user-supplied 'location' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.12% SSVC Exploitation: none
May 7th, 2025 (about 1 month ago)
|
CVE-2024-0907 |
Description: The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to restore records.
CVSS: MEDIUM (5.3) EPSS Score: 0.49% SSVC Exploitation: none
May 7th, 2025 (about 1 month ago)
|
CVE-2024-0566 |
Description: The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
CVSS: HIGH (7.2) EPSS Score: 1.33% SSVC Exploitation: poc
May 7th, 2025 (about 1 month ago)
|
CVE-2024-0421 |
Description: The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that the post to be retrieved via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts.
EPSS Score: 0.38% SSVC Exploitation: poc
May 7th, 2025 (about 1 month ago)
|
CVE-2024-0248 |
Description: The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated user, such as a subscriber, to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9.
EPSS Score: 0.26% SSVC Exploitation: poc
May 7th, 2025 (about 1 month ago)
|
Description: Hackers are exploiting a critical unauthenticated privilege escalation vulnerability in the OttoKit WordPress plugin to create rogue admin accounts on targeted sites. [...]
May 7th, 2025 (about 1 month ago)
|
CVE-2025-47692 |
Description: Missing Authorization vulnerability in contentstudio ContentStudio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ContentStudio: from n/a through 1.3.3.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
May 7th, 2025 (about 1 month ago)
|
CVE-2025-47691 |
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Ultimate Member Ultimate Member allows Code Injection. This issue affects Ultimate Member: from n/a through 2.10.3.
CVSS: MEDIUM (5.5) EPSS Score: 0.05%
May 7th, 2025 (about 1 month ago)
|