CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-48139 |
Description: Missing Authorization vulnerability in relentlo StyleAI allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects StyleAI: from n/a through 1.0.4.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-48130 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spicethemes Spice Blocks allows Path Traversal. This issue affects Spice Blocks: from n/a through 2.0.7.2.
CVSS: HIGH (7.5) EPSS Score: 0.04%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-48129 |
Description: Incorrect Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows Privilege Escalation. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through 2.4.37.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-48126 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate allows PHP Local File Inclusion. This issue affects Essential Real Estate: from n/a through 5.2.1.
CVSS: HIGH (8.1) EPSS Score: 0.12%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-48125 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Event Manager WP Event Manager allows PHP Local File Inclusion. This issue affects WP Event Manager: from n/a through 3.1.49.
CVSS: HIGH (8.1) EPSS Score: 0.12%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-48124 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows Path Traversal. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through 2.4.37.
CVSS: HIGH (7.5) EPSS Score: 0.04%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-48123 |
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows Code Injection. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through 2.4.37.
CVSS: CRITICAL (10.0) EPSS Score: 0.05%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-48122 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows SQL Injection. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through 2.4.37.
CVSS: CRITICAL (9.3) EPSS Score: 0.03%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-47651 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global allows SQL Injection. This issue affects Infility Global: from n/a through 2.12.4.
CVSS: HIGH (8.5) EPSS Score: 0.03%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-47608 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce allows SQL Injection. This issue affects Recover abandoned cart for WooCommerce: from n/a through 2.5.
CVSS: CRITICAL (9.3) EPSS Score: 0.03%
June 9th, 2025 (6 days ago)
|