CyberAlerts

CVE-2025-39585

WordPress Travelfic Toolkit <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Travelfic Toolkit allows Stored XSS. This issue affects Travelfic Toolkit: from n/a through 1.2.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-39584

WordPress Eventin <= 4.0.25 - Local File Inclusion Vulnerability

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.25.

CVSS: HIGH (7.5)

EPSS Score: 0.11%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-39582

WordPress WP Data Access <= 5.5.36 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Passionate Programmer Peter WP Data Access allows DOM-Based XSS. This issue affects WP Data Access: from n/a through 5.5.36.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-39581

WordPress Themify Shortcodes <= 2.1.3 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Shortcodes allows Stored XSS. This issue affects Themify Shortcodes: from n/a through 2.1.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-39579

WordPress Membership For WooCommerce <= 2.8.0 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Membership For WooCommerce allows DOM-Based XSS. This issue affects Membership For WooCommerce: from n/a through 2.8.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-39578

WordPress Responsive Blocks <= 2.0.2 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows Stored XSS. This issue affects Responsive Blocks: from n/a through 2.0.2.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-39577

WordPress PropertyHive <= 2.1.2 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive allows Stored XSS. This issue affects PropertyHive: from n/a through 2.1.2.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-39576

WordPress WPAdverts <= 2.2.1 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts allows Stored XSS. This issue affects WPAdverts: from n/a through 2.2.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-39575

WordPress WPCasa <= 1.3.2 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPSight WPCasa allows Stored XSS. This issue affects WPCasa: from n/a through 1.3.2.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-39574

WordPress Uix Shortcodes <= 2.0.4 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UIUX Lab Uix Shortcodes allows Stored XSS. This issue affects Uix Shortcodes: from n/a through 2.0.4.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

April 16th, 2025 (4 days ago)

Threat and Vulnerability Intelligence Database

Example Searches: