CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-30844	WordPress Watu Quiz plugin <= 3.4.2 - Reflected Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Watu Quiz allows Reflected XSS. This issue affects Watu Quiz: from n/a through 3.4.2. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-30841	WordPress Countdown & Clock plugin <=2.8.8 - Remote Code Execution (RCE) vulnerability Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock allows Remote Code Inclusion. This issue affects Countdown & Clock: from n/a through 2.8.8. CVSS: CRITICAL (9.9) EPSS Score: 0.05% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-30825	WordPress WPC Smart Linked Products plugin <= 1.3.5 - Privilege Escalation vulnerability Description: Missing Authorization vulnerability in WPClever WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce allows Privilege Escalation. This issue affects WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce: from n/a through 1.3.5. CVSS: HIGH (8.8) EPSS Score: 0.04% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-30807	WordPress Next-Cart Store to WooCommerce Migration plugin <= 3.9.4 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Martin Nguyen Next-Cart Store to WooCommerce Migration allows SQL Injection. This issue affects Next-Cart Store to WooCommerce Migration: from n/a through 3.9.4. CVSS: CRITICAL (9.3) EPSS Score: 0.04% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-30778	WordPress VForm plugin <= 3.1.9 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VForm allows Reflected XSS. This issue affects VForm: from n/a through 3.1.9. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-30580	WordPress DigiWidgets Image Editor <= 1.10 - Remote Code Execution (RCE) Vulnerability Description: Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound DigiWidgets Image Editor allows Remote Code Inclusion. This issue affects DigiWidgets Image Editor: from n/a through 1.10. CVSS: CRITICAL (10.0) EPSS Score: 0.06% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-30554	WordPress Frizzly plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Frizzly allows Reflected XSS. This issue affects Frizzly: from n/a through 1.1.0. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-31910	WordPress BookingPress Plugin <= 1.1.28 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems BookingPress allows SQL Injection. This issue affects BookingPress: from n/a through 1.1.28. CVSS: HIGH (7.6) EPSS Score: 0.04% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-31908	WordPress JSON Structuring Markup plugin <= 0.1 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui JSON Structuring Markup allows Stored XSS. This issue affects JSON Structuring Markup: from n/a through 0.1. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 1st, 2025 (3 months ago)
CVE-2025-31906	WordPress WP Profitshare Plugin <= 1.4.9 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in ProfitShare.ro WP Profitshare allows Stored XSS. This issue affects WP Profitshare: from n/a through 1.4.9. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 1st, 2025 (3 months ago)