CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-47476	WordPress Cost Calculator for Elementor <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org Cost Calculator for Elementor allows DOM-Based XSS. This issue affects Cost Calculator for Elementor: from n/a through 1.3.3. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47475	WordPress JupiterX Core <= 4.8.11 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artbees JupiterX Core allows Stored XSS. This issue affects JupiterX Core: from n/a through 4.8.11. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47473	WordPress PW WooCommerce Bulk Edit <= 2.134 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in pimwick PW WooCommerce Bulk Edit allows Cross Site Request Forgery. This issue affects PW WooCommerce Bulk Edit: from n/a through 2.134. CVSS: MEDIUM (5.4) EPSS Score: 0.02% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47472	WordPress Music Player for WooCommerce <= 1.5.1 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in codepeople Music Player for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Music Player for WooCommerce: from n/a through 1.5.1. CVSS: MEDIUM (5.4) EPSS Score: 0.04% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47471	WordPress Envo Extra <= 1.9.9 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in EnvoThemes Envo Extra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Envo Extra: from n/a through 1.9.9. CVSS: MEDIUM (4.3) EPSS Score: 0.03% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47470	WordPress GPT3 AI Content Writer plugin <= 1.9.14 - Cross Site Request Forgery (CSRF) to Prompt Generation vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in senols GPT3 AI Content Writer allows Cross Site Request Forgery. This issue affects GPT3 AI Content Writer: from n/a through 1.9.14. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47469	WordPress Media Hygiene <= 4.0.0 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in slui Media Hygiene allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Hygiene: from n/a through 4.0.0. CVSS: MEDIUM (5.4) EPSS Score: 0.04% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47468	WordPress Hash Form <= 1.2.8 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in hashthemes Hash Form allows Cross Site Request Forgery. This issue affects Hash Form: from n/a through 1.2.8. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47467	WordPress GS Testimonial Slider <= 3.3.0 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in GS Plugins GS Testimonial Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GS Testimonial Slider: from n/a through 3.3.0. CVSS: MEDIUM (4.3) EPSS Score: 0.03% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47466	WordPress Ultimate WP Mail <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Ultimate WP Mail allows Cross Site Request Forgery. This issue affects Ultimate WP Mail: from n/a through 1.3.4. CVSS: MEDIUM (5.4) EPSS Score: 0.02% Source: CVE May 7th, 2025 (about 1 month ago)