CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-46502	WordPress LSD Custom taxonomy and category meta plugin <= 1.3.2 - CSRF to XSS vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bas Matthee LSD Custom taxonomy and category meta allows Cross Site Request Forgery. This issue affects LSD Custom taxonomy and category meta: from n/a through 1.3.2. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE April 24th, 2025 (about 2 months ago)
CVE-2025-46501	WordPress Mixcloud Embed <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in biancardi Mixcloud Embed allows Stored XSS. This issue affects Mixcloud Embed: from n/a through 2.2.0. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 24th, 2025 (about 2 months ago)
CVE-2025-46499	WordPress PayPal Express Checkout plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hccoder PayPal Express Checkout allows Stored XSS. This issue affects PayPal Express Checkout: from n/a through 2.1.2. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE April 24th, 2025 (about 2 months ago)
CVE-2025-46498	WordPress Zalo Official Live Chat <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in nghialuu Zalo Official Live Chat allows Cross Site Request Forgery. This issue affects Zalo Official Live Chat: from n/a through 1.0.0. CVSS: MEDIUM (5.4) EPSS Score: 0.02% Source: CVE April 24th, 2025 (about 2 months ago)
CVE-2025-46497	WordPress Navegg Analytics plugin <= 3.3.3 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Navegg Navegg Analytics allows Stored XSS. This issue affects Navegg Analytics: from n/a through 3.3.3. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 24th, 2025 (about 2 months ago)
CVE-2025-46496	WordPress Mini twitter feed <= 3.0 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oniswap Mini twitter feed allows Stored XSS. This issue affects Mini twitter feed: from n/a through 3.0. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 24th, 2025 (about 2 months ago)
CVE-2025-46495	WordPress Drop Caps plugin <= 2.1 - CSRF to XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in tomontoast Drop Caps allows Stored XSS. This issue affects Drop Caps: from n/a through 2.1. CVSS: MEDIUM (6.5) EPSS Score: 0.01% Source: CVE April 24th, 2025 (about 2 months ago)
CVE-2025-46492	WordPress Call Now PHT Blog plugin <= 2.4.1 - CSRF to XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Pham Thanh Call Now PHT Blog allows Stored XSS. This issue affects Call Now PHT Blog: from n/a through 2.4.1. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 24th, 2025 (about 2 months ago)
CVE-2025-46491	WordPress Multi-Column Taxonomy List <= 1.5 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Muro Multi-Column Taxonomy List allows Stored XSS. This issue affects Multi-Column Taxonomy List: from n/a through 1.5. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 24th, 2025 (about 2 months ago)
CVE-2025-46489	WordPress Bulk Assign Linked Products For WooCommerce <= 2.1 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in vinodvaswani9 Bulk Assign Linked Products For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bulk Assign Linked Products For WooCommerce: from n/a through 2.1. CVSS: MEDIUM (5.3) EPSS Score: 0.04% Source: CVE April 24th, 2025 (about 2 months ago)