CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-47608 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce allows SQL Injection. This issue affects Recover abandoned cart for WooCommerce: from n/a through 2.5.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-47598 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in click5 History Log by click5 allows Stored XSS. This issue affects History Log by click5: from n/a through 1.0.13.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-47561 |
Description: Incorrect Privilege Assignment vulnerability in RomanCode MapSVG allows Privilege Escalation. This issue affects MapSVG: from n/a through 8.5.34.
CVSS: HIGH (8.8) EPSS Score: 0.04%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-47527 |
Description: Missing Authorization vulnerability in Icegram Icegram Collect – Easy Form, Lead Collection and Subscription plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Icegram Collect – Easy Form, Lead Collection and Subscription plugin: from n/a through 1.3.18.
CVSS: HIGH (7.1) EPSS Score: 0.04%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-47511 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in nanbu Welcart e-Commerce allows Path Traversal. This issue affects Welcart e-Commerce: from n/a through 2.11.13.
CVSS: MEDIUM (6.8) EPSS Score: 0.06%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-47487 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moreconvert MC Woocommerce Wishlist allows Reflected XSS. This issue affects MC Woocommerce Wishlist: from n/a through 1.9.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-47477 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revmakx Backup and Staging by WP Time Capsule allows Reflected XSS. This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.23.
CVSS: HIGH (7.1) EPSS Score: 0.04%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-47463 |
Description: Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stock Locations for WooCommerce: from n/a through 2.8.6.
CVSS: HIGH (7.1) EPSS Score: 0.04%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-46178 |
Description: Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser session by sending a crafted URL, leading to session hijacking or defacement.
EPSS Score: 0.04%
June 9th, 2025 (6 days ago)
|
|
CVE-2025-45055 |
Description: Silverpeas 6.4.2 contains a stored cross-site scripting (XSS) vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when viewed by an administrator, executes embedded JavaScript in the admin's session. This allows attackers to escalate privileges by creating a new administrator account. The vulnerability arises from insufficient sanitization of SVG files and weak CSRF protections.
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
June 9th, 2025 (6 days ago)
|