CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-31014

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ho3einie Material Dashboard allows PHP Local File Inclusion. This issue affects Material Dashboard: from n/a through 1.4.5.

CVSS: HIGH (7.5)

EPSS Score: 0.13%

Source: CVE
April 11th, 2025 (2 months ago)

CVE-2025-2636

Description: The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

CVSS: CRITICAL (9.8)

EPSS Score: 0.33%

Source: CVE
April 11th, 2025 (2 months ago)
🚨 Marked as known exploited on April 11th, 2025 (2 months ago).
Description: A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure. The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug that could permit an attacker to create administrator accounts under certain conditions and take control of susceptible websites. "The

CVSS: HIGH (8.1)

EPSS Score: 0.14%

Source: TheHackerNews
April 11th, 2025 (2 months ago)

CVE-2024-29790

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Squirrly SEO Plugin by Squirrly SEO allows Reflected XSS. This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.3.16.

CVSS: HIGH (7.1)

EPSS Score: 0.19%

SSVC Exploitation: none

Source: CVE
April 10th, 2025 (2 months ago)

CVE-2024-29759

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflected XSS. This issue affects Calculated Fields Form: from n/a through 1.2.54.

CVSS: HIGH (7.1)

EPSS Score: 0.11%

SSVC Exploitation: none

Source: CVE
April 10th, 2025 (2 months ago)

CVE-2024-29098

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Calameo WP Calameo allows Stored XSS. This issue affects WP Calameo: from n/a through 2.1.7.

CVSS: MEDIUM (6.5)

EPSS Score: 0.06%

SSVC Exploitation: none

Source: CVE
April 10th, 2025 (2 months ago)

CVE-2024-27994

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.5.0.

CVSS: HIGH (7.1)

EPSS Score: 0.24%

SSVC Exploitation: none

Source: CVE
April 10th, 2025 (2 months ago)

CVE-2024-27967

Description: Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP. This issue affects DSGVO All in one for WP: from n/a through 4.3.

CVSS: MEDIUM (4.3)

EPSS Score: 0.13%

SSVC Exploitation: none

Source: CVE
April 10th, 2025 (2 months ago)

CVE-2024-27195

Description: Cross-Site Request Forgery (CSRF) vulnerability in Sandi Verdev Watermark RELOADED allows Stored XSS. This issue affects Watermark RELOADED: from n/a through 1.3.5.

CVSS: HIGH (7.1)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
April 10th, 2025 (2 months ago)

CVE-2024-2500

Description: The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.2%

SSVC Exploitation: none

Source: CVE
April 10th, 2025 (2 months ago)