CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-32655	WordPress Restrict User Registration plugin <= 1.0.1 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in DevriX Restrict User Registration allows Stored XSS. This issue affects Restrict User Registration: from n/a through 1.0.1. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-32653	WordPress Cart66 Cloud Plugin <= 2.3.7 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lee Blue Cart66 Cloud allows Reflected XSS. This issue affects Cart66 Cloud: from n/a through 2.3.7. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-32652	WordPress Solace Extra plugin <= 1.3.1 - Arbitrary File Upload vulnerability Description: Unrestricted Upload of File with Dangerous Type vulnerability in solacewp Solace Extra allows Using Malicious Files. This issue affects Solace Extra: from n/a through 1.3.1. CVSS: CRITICAL (9.9) EPSS Score: 0.05% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-32651	WordPress SERPed.net Plugin <= 4.6 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in serpednet SERPed.net allows Reflected XSS. This issue affects SERPed.net: from n/a through 4.6. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-32649	WordPress GB Gallery Slideshow Plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gb-plugins GB Gallery Slideshow allows Reflected XSS. This issue affects GB Gallery Slideshow: from n/a through 1.3. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-32648	WordPress Projectopia - Project Magement Plugin <= 5.1.16 - Privilege Escalation vulnerability Description: Incorrect Privilege Assignment vulnerability in Projectopia Projectopia allows Privilege Escalation. This issue affects Projectopia: from n/a through 5.1.16. CVSS: CRITICAL (9.8) EPSS Score: 0.05% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-32647	WordPress Question Answer Plugin <= 1.2.70 - PHP Object Injection vulnerability Description: Deserialization of Untrusted Data vulnerability in PickPlugins Question Answer allows Object Injection. This issue affects Question Answer: from n/a through 1.2.70. CVSS: HIGH (8.8) EPSS Score: 0.05% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-32646	WordPress Question Answer Plugin <= 1.2.70 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Question Answer allows Reflected XSS. This issue affects Question Answer: from n/a through 1.2.70. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-32639	WordPress Affiliate Links plugin <= 3.1.0 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wecantrack Affiliate Links Lite allows Reflected XSS. This issue affects Affiliate Links Lite: from n/a through 3.1.0. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-32638	WordPress ShopApper plugin <= 0.4.39 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weptile ShopApper allows Stored XSS. This issue affects ShopApper: from n/a through 0.4.39. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE April 17th, 2025 (2 months ago)