CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-2205 |
Description: The GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice – CCPA, DSGVO, RGPD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.15.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVSS: MEDIUM (4.4) EPSS Score: 0.03%
March 12th, 2025 (4 months ago)
|
|
CVE-2025-2078 |
Description: The BlogBuzzTime for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVSS: MEDIUM (4.4) EPSS Score: 0.02%
March 12th, 2025 (4 months ago)
|
|
CVE-2025-2077 |
Description: The Simple Amazon Affiliate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'msg' parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVSS: MEDIUM (6.1) EPSS Score: 0.08%
March 12th, 2025 (4 months ago)
|
|
CVE-2025-2076 |
Description: The binlayerpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVSS: MEDIUM (4.4) EPSS Score: 0.02%
March 12th, 2025 (4 months ago)
|
|
CVE-2025-1508 |
Description: The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to download all of a site's post content when WooCommerce is installed.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
March 12th, 2025 (4 months ago)
|
|
CVE-2024-2467 |
Description: A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.
EPSS Score: 0.11% SSVC Exploitation: none
March 12th, 2025 (4 months ago)
|
|
Description: hostapd provided by Jouni Malinen fails to process RADIUS packets properly, man-in-the-middle attacks may force RADIUS authentications failed.
March 12th, 2025 (4 months ago)
|
|
CVE-2025-2220 |
Description: A vulnerability was found in Odyssey CMS up to 10.34. It has been classified as problematic. Affected is an unknown function of the file /modules/odyssey_contact_form/odyssey_contact_form.php of the component reCAPTCHA Handler. The manipulation of the argument g-recaptcha-response leads to key management error. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Es wurde eine problematische Schwachstelle in Odyssey CMS bis 10.34 ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei /modules/odyssey_contact_form/odyssey_contact_form.php der Komponente reCAPTCHA Handler. Durch Manipulation des Arguments g-recaptcha-response mit unbekannten Daten kann eine key management error-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (4.8) EPSS Score: 0.02%
March 12th, 2025 (4 months ago)
|
|
March 12th, 2025 (4 months ago)
|
|
CVE-2025-2219 |
Description: A vulnerability was found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This issue affects some unknown processing of the file /api/upload/image. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Eine kritische Schwachstelle wurde in LoveCards LoveCardsV2 bis 2.3.2 gefunden. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /api/upload/image. Durch die Manipulation des Arguments file mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (6.9) EPSS Score: 0.06%
March 12th, 2025 (4 months ago)
|