CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-47450	WordPress Simple File List <= 6.1.13 - Settings Change Vulnerability Description: Missing Authorization vulnerability in Mitchell Bennis Simple File List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple File List: from n/a through 6.1.13. CVSS: MEDIUM (5.3) EPSS Score: 0.04% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47449	WordPress Meow Gallery <= 5.2.7 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Meow Gallery allows Stored XSS. This issue affects Meow Gallery: from n/a through 5.2.7. CVSS: MEDIUM (5.9) EPSS Score: 0.03% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47448	WordPress WP Hotel Booking <= 2.1.9 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking allows Cross Site Request Forgery. This issue affects WP Hotel Booking: from n/a through 2.1.9. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47447	WordPress Cool Author Box <= 3.0.0 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak Cool Author Box allows Cross Site Request Forgery. This issue affects Cool Author Box: from n/a through 3.0.0. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47446	WordPress Listamester <= 2.3.6 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in listamester Listamester allows Cross Site Request Forgery. This issue affects Listamester: from n/a through 2.3.6. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47443	WordPress Widget Countdown <= 2.7.4 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Widget Countdown allows Stored XSS. This issue affects Widget Countdown: from n/a through 2.7.4. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47442	WordPress CC BMI Calculator <= 2.1.0 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CC CC BMI Calculator allows Stored XSS. This issue affects CC BMI Calculator: from n/a through 2.1.0. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47441	WordPress Progress Bar <= 2.2.3 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Reynolds Progress Bar allows Stored XSS. This issue affects Progress Bar: from n/a through 2.2.3. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47440	WordPress WPAdverts <= 2.2.2 - Local File Inclusion Vulnerability Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Greg Winiarski WPAdverts allows PHP Local File Inclusion. This issue affects WPAdverts: from n/a through 2.2.2. CVSS: HIGH (7.5) EPSS Score: 0.13% Source: CVE May 7th, 2025 (about 1 month ago)
CVE-2025-47439	WordPress Download Monitor <= 5.0.22 - Local File Inclusion Vulnerability Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Chill Download Monitor allows PHP Local File Inclusion. This issue affects Download Monitor: from n/a through 5.0.22. CVSS: HIGH (7.5) EPSS Score: 0.13% Source: CVE May 7th, 2025 (about 1 month ago)