CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-28902	WordPress Contact Form 7 Select Box Editor Button plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Benjamin Pick Contact Form 7 Select Box Editor Button allows Cross Site Request Forgery. This issue affects Contact Form 7 Select Box Editor Button: from n/a through 0.6. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE March 11th, 2025 (4 months ago)
CVE-2025-28901	WordPress Members page only for logged in users plugin <= 1.4.2 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Naren Members page only for logged in users allows Stored XSS. This issue affects Members page only for logged in users: from n/a through 1.4.2. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE March 11th, 2025 (4 months ago)
CVE-2025-28900	WordPress TabGarb Pro plugin <= 2.6 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in webgarb TabGarb Pro allows Stored XSS. This issue affects TabGarb Pro: from n/a through 2.6. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE March 11th, 2025 (4 months ago)
CVE-2025-28897	WordPress Domain Theme plugin <= 1.3 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Steveorevo Domain Theme allows Stored XSS. This issue affects Domain Theme: from n/a through 1.3. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE March 11th, 2025 (4 months ago)
CVE-2025-28896	WordPress AS English Admin plugin <= 1.0.0 - Open Redirection vulnerability Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akshar Soft Solutions AS English Admin allows Phishing. This issue affects AS English Admin: from n/a through 1.0.0. CVSS: MEDIUM (4.7) EPSS Score: 0.03% Source: CVE March 11th, 2025 (4 months ago)
CVE-2025-28895	WordPress Custom top bar plugin <= 2.0.2 - CSRF to Stored XSS vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sumanbiswas013 Custom top bar allows Stored XSS. This issue affects Custom top bar: from n/a through 2.0.2. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE March 11th, 2025 (4 months ago)
CVE-2025-28894	WordPress List of Posts from each Category plugin for WordPress plugin <= 2.0 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in frucomerci List of Posts from each Category plugin for WordPress allows Stored XSS. This issue affects List of Posts from each Category plugin for WordPress: from n/a through 2.0. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE March 11th, 2025 (4 months ago)
CVE-2025-28892	WordPress FTP Sync plugin <= 1.1.6 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in a2rocklobster FTP Sync allows Stored XSS. This issue affects FTP Sync: from n/a through 1.1.6. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE March 11th, 2025 (4 months ago)
CVE-2025-28891	WordPress price-calc plugin <= 0.6.3 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in jazzigor price-calc allows Stored XSS. This issue affects price-calc: from n/a through 0.6.3. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE March 11th, 2025 (4 months ago)
CVE-2025-28887	WordPress Plugins Last Updated Column plugin <= 0.1.3 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Fastmover Plugins Last Updated Column allows Cross Site Request Forgery. This issue affects Plugins Last Updated Column: from n/a through 0.1.3. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE March 11th, 2025 (4 months ago)