CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-32694	WordPress Ultimate WP Mail <= 1.3.2 - Open Redirection Vulnerability Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Rustaurius Ultimate WP Mail allows Phishing. This issue affects Ultimate WP Mail: from n/a through 1.3.2. CVSS: MEDIUM (4.7) EPSS Score: 0.03% Source: CVE April 9th, 2025 (2 months ago)
CVE-2025-32693	WordPress WebinarPress <= 1.33.27 - Open Redirection Vulnerability Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPWebinarSystem WebinarPress allows Phishing. This issue affects WebinarPress: from n/a through 1.33.27. CVSS: MEDIUM (4.7) EPSS Score: 0.03% Source: CVE April 9th, 2025 (2 months ago)
CVE-2025-32692	WordPress WP Subscription Forms <= 1.2.4 - Local File Inclusion Vulnerability Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle WP Subscription Forms allows PHP Local File Inclusion. This issue affects WP Subscription Forms: from n/a through 1.2.4. CVSS: HIGH (7.5) EPSS Score: 0.13% Source: CVE April 9th, 2025 (2 months ago)
CVE-2025-32691	WordPress PowerPress Podcasting <= 11.12.4 - Server Side Request Forgery (SSRF) Vulnerability Description: Server-Side Request Forgery (SSRF) vulnerability in Angelo Mandato PowerPress Podcasting allows Server Side Request Forgery. This issue affects PowerPress Podcasting: from n/a through 11.12.4. CVSS: MEDIUM (4.9) EPSS Score: 0.03% Source: CVE April 9th, 2025 (2 months ago)
CVE-2025-32690	WordPress PowerPress Podcasting <= 11.12.4 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Angelo Mandato PowerPress Podcasting allows DOM-Based XSS. This issue affects PowerPress Podcasting: from n/a through 11.12.4. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 9th, 2025 (2 months ago)
CVE-2025-32685	WordPress WP Inquiries <= 0.2.1 - SQL Injection Vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aristo Rinjuang WP Inquiries allows SQL Injection. This issue affects WP Inquiries: from n/a through 0.2.1. CVSS: HIGH (7.6) EPSS Score: 0.04% Source: CVE April 9th, 2025 (2 months ago)
CVE-2025-32684	WordPress MapSVG Lite plugin <= 8.5.32 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in RomanCode MapSVG Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MapSVG Lite: from n/a through 8.5.32. CVSS: MEDIUM (5.0) EPSS Score: 0.03% Source: CVE April 9th, 2025 (2 months ago)
CVE-2025-32683	WordPress MapSVG Lite plugin <= 8.5.32 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG Lite allows DOM-Based XSS. This issue affects MapSVG Lite: from n/a through 8.5.32. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 9th, 2025 (2 months ago)
CVE-2025-32680	WordPress Review Stream plugin <= 1.6.7 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Grade Us, Inc. Review Stream allows Stored XSS. This issue affects Review Stream: from n/a through 1.6.7. CVSS: MEDIUM (5.9) EPSS Score: 0.03% Source: CVE April 9th, 2025 (2 months ago)
CVE-2025-32679	WordPress User Registration Using Contact Form 7 plugin <= 2.2 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in ZealousWeb User Registration Using Contact Form 7 allows Cross Site Request Forgery. This issue affects User Registration Using Contact Form 7: from n/a through 2.2. CVSS: MEDIUM (5.4) EPSS Score: 0.02% Source: CVE April 9th, 2025 (2 months ago)