CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-46232 |
Description: Missing Authorization vulnerability in alttextai Download Alt Text AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Alt Text AI: from n/a through 1.9.93.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
April 22nd, 2025 (about 2 months ago)
|
|
CVE-2025-46231 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in SERVIT Software Solutions affiliate-toolkit allows Cross Site Request Forgery. This issue affects affiliate-toolkit: from n/a through 3.7.3.
CVSS: MEDIUM (5.4) EPSS Score: 0.02%
April 22nd, 2025 (about 2 months ago)
|
|
CVE-2025-46229 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Israpil Textmetrics allows Stored XSS. This issue affects Textmetrics: from n/a through 3.6.2.
CVSS: MEDIUM (5.9) EPSS Score: 0.03%
April 22nd, 2025 (about 2 months ago)
|
|
CVE-2025-46228 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post allows DOM-Based XSS. This issue affects Event post: from n/a through 5.9.11.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 22nd, 2025 (about 2 months ago)
|
|
CVE-2025-46227 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brecht Custom Related Posts allows Stored XSS. This issue affects Custom Related Posts: from n/a through 1.7.4.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 22nd, 2025 (about 2 months ago)
|
|
CVE-2025-46226 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ferranfg MPL-Publisher allows Stored XSS. This issue affects MPL-Publisher: from n/a through 2.18.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 22nd, 2025 (about 2 months ago)
|
|
CVE-2025-46225 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Post in page for Elementor allows DOM-Based XSS. This issue affects Post in page for Elementor: from n/a through 1.0.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 22nd, 2025 (about 2 months ago)
|
|
CVE-2025-2594 |
Description: The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID.
EPSS Score: 0.05%
April 22nd, 2025 (about 2 months ago)
|
|
CVE-2024-13569 |
Description: The Front End Users WordPress plugin through 3.2.32 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
EPSS Score: 0.03%
April 22nd, 2025 (about 2 months ago)
|
|
CVE-2025-3814 |
Description: The Tax Switch for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class-name’ parameter in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
April 22nd, 2025 (about 2 months ago)
|