CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-32686	WordPress Team Members <= 3.4.0 - PHP Object Injection Vulnerability Description: Deserialization of Untrusted Data vulnerability in WP Speedo Team Members allows Object Injection. This issue affects Team Members: from n/a through 3.4.0. CVSS: HIGH (8.8) EPSS Score: 0.05% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-32682	WordPress MapSVG Lite plugin <= 8.5.34 - Arbitrary File Upload Vulnerability Description: Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG Lite allows Upload a Web Shell to a Web Server. This issue affects MapSVG Lite: from n/a through 8.5.34. CVSS: CRITICAL (9.9) EPSS Score: 0.05% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-32674	WordPress Product Excel Import Export & Bulk Edit for WooCommerce plugin <= 4.7 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Product Excel Import Export & Bulk Edit for WooCommerce allows Reflected XSS. This issue affects Product Excel Import Export & Bulk Edit for WooCommerce: from n/a through 4.7. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-32670	WordPress Spark GF Failed Submissions plugin <= 1.3.5 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Parnell Spark GF Failed Submissions allows Reflected XSS. This issue affects Spark GF Failed Submissions: from n/a through 1.3.5. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-32666	WordPress Hive Support plugin <= 1.2.2- Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hive Support Hive Support allows Reflected XSS. This issue affects Hive Support: from n/a through 1.2.2. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-32665	WordPress Office Locator plugin <= 1.3.0 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebbyTemplate Office Locator allows SQL Injection. This issue affects Office Locator: from n/a through 1.3.0. CVSS: CRITICAL (9.3) EPSS Score: 0.04% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-32662	WordPress uListing plugin <= 2.2.0 - Deserialization of untrusted data vulnerability Description: Deserialization of Untrusted Data vulnerability in Stylemix uListing allows Object Injection. This issue affects uListing: from n/a through 2.2.0. CVSS: HIGH (8.8) EPSS Score: 0.05% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-32660	WordPress JS Job Manager plugin <= 2.0.2 - Arbitrary File Upload vulnerability Description: Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager allows Upload a Web Shell to a Web Server. This issue affects JS Job Manager: from n/a through 2.0.2. CVSS: CRITICAL (10.0) EPSS Score: 0.06% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-32658	WordPress HelpGent plugin <= 2.2.4 - PHP Object Injection vulnerability Description: Deserialization of Untrusted Data vulnerability in wpWax HelpGent allows Object Injection. This issue affects HelpGent: from n/a through 2.2.4. CVSS: CRITICAL (9.8) EPSS Score: 0.05% Source: CVE April 17th, 2025 (2 months ago)
CVE-2025-32655	WordPress Restrict User Registration plugin <= 1.0.1 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in DevriX Restrict User Registration allows Stored XSS. This issue affects Restrict User Registration: from n/a through 1.0.1. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 17th, 2025 (2 months ago)