CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-46449	WordPress WoWHead Tooltips <= 2.0.1 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Novium WoWHead Tooltips allows Stored XSS. This issue affects WoWHead Tooltips: from n/a through 2.0.1. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE April 24th, 2025 (about 2 months ago)
CVE-2025-46447	WordPress Fable Extra <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFable Fable Extra allows DOM-Based XSS. This issue affects Fable Extra: from n/a through 1.0.6. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 24th, 2025 (about 2 months ago)
CVE-2025-46445	WordPress External Markdown <= 0.0.1 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pReya External Markdown allows Stored XSS. This issue affects External Markdown: from n/a through 0.0.1. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 24th, 2025 (about 2 months ago)
CVE-2025-46443	WordPress Animate <= 0.5 - Server Side Request Forgery (SSRF) Vulnerability Description: Server-Side Request Forgery (SSRF) vulnerability in Adam Pery Animate allows Server Side Request Forgery. This issue affects Animate: from n/a through 0.5. CVSS: MEDIUM (4.9) EPSS Score: 0.03% Source: CVE April 24th, 2025 (about 2 months ago)
CVE-2025-46442	WordPress Loan Calculator plugin <= 1.3 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Casey Johnson Loan Calculator allows Stored XSS. This issue affects Loan Calculator: from n/a through 1.3. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 24th, 2025 (about 2 months ago)
CVE-2025-46439	WordPress Plugin Central plugin <= 2.5.1 - CSRF to Arbitrary File Deletion vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Plugin Central allows Path Traversal. This issue affects Plugin Central: from n/a through 2.5.1. CVSS: HIGH (7.4) EPSS Score: 0.02% Source: CVE April 24th, 2025 (about 2 months ago)
CVE-2025-46438	WordPress GTDB Guitar Tuners <= 4.2.2 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in warmwhisky GTDB Guitar Tuners allows Stored XSS. This issue affects GTDB Guitar Tuners: from n/a through 4.2.2. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 24th, 2025 (about 2 months ago)
CVE-2025-46436	WordPress SCSS-Library <= 0.4.1 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Sebastian Echeverry SCSS-Library allows Cross Site Request Forgery. This issue affects SCSS-Library: from n/a through 0.4.1. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE April 24th, 2025 (about 2 months ago)
CVE-2025-46435	WordPress Time Based Greeting plugin <= 2.2.2 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Yash Binani Time Based Greeting allows Stored XSS. This issue affects Time Based Greeting: from n/a through 2.2.2. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 24th, 2025 (about 2 months ago)
CVE-2025-46264	WordPress PowerPress Podcasting <= 11.12.5 - Arbitrary File Upload Vulnerability Description: Unrestricted Upload of File with Dangerous Type vulnerability in Angelo Mandato PowerPress Podcasting allows Upload a Web Shell to a Web Server. This issue affects PowerPress Podcasting: from n/a through 11.12.5. CVSS: CRITICAL (9.9) EPSS Score: 0.05% Source: CVE April 24th, 2025 (about 2 months ago)