CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-48123 |
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows Code Injection. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through 2.4.37.
CVSS: CRITICAL (10.0) EPSS Score: 0.05%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-48122 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows SQL Injection. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through 2.4.37.
CVSS: CRITICAL (9.3) EPSS Score: 0.03%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-47651 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global allows SQL Injection. This issue affects Infility Global: from n/a through 2.12.4.
CVSS: HIGH (8.5) EPSS Score: 0.03%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-47608 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce allows SQL Injection. This issue affects Recover abandoned cart for WooCommerce: from n/a through 2.5.
CVSS: CRITICAL (9.3) EPSS Score: 0.03%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-47598 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in click5 History Log by click5 allows Stored XSS. This issue affects History Log by click5: from n/a through 1.0.13.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-47561 |
Description: Incorrect Privilege Assignment vulnerability in RomanCode MapSVG allows Privilege Escalation. This issue affects MapSVG: from n/a through 8.5.34.
CVSS: HIGH (8.8) EPSS Score: 0.04%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-47527 |
Description: Missing Authorization vulnerability in Icegram Icegram Collect – Easy Form, Lead Collection and Subscription plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Icegram Collect – Easy Form, Lead Collection and Subscription plugin: from n/a through 1.3.18.
CVSS: HIGH (7.1) EPSS Score: 0.04%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-47511 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in nanbu Welcart e-Commerce allows Path Traversal. This issue affects Welcart e-Commerce: from n/a through 2.11.13.
CVSS: MEDIUM (6.8) EPSS Score: 0.04%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-47487 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moreconvert MC Woocommerce Wishlist allows Reflected XSS. This issue affects MC Woocommerce Wishlist: from n/a through 1.9.1.
CVSS: HIGH (7.1) EPSS Score: 0.03%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-47477 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revmakx Backup and Staging by WP Time Capsule allows Reflected XSS. This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.23.
CVSS: HIGH (7.1) EPSS Score: 0.03%
June 9th, 2025 (6 days ago)
|