CyberAlerts

CVE-2025-39573

WordPress WP Posts Carousel <= 1.3.10 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through 1.3.10.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-39572

WordPress Checkout for PayPal <= 1.0.38 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Checkout for PayPal allows Stored XSS. This issue affects Checkout for PayPal: from n/a through 1.0.38.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-39571

WordPress WowStore <= 4.2.4 - Broken Access Control Vulnerability

Description: Missing Authorization vulnerability in WPXPO WowStore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WowStore: from n/a through 4.2.4.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-39570

WordPress WPCOM Member <= 1.7.7 - Local File Inclusion Vulnerability

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Lomu WPCOM Member allows PHP Local File Inclusion. This issue affects WPCOM Member: from n/a through 1.7.7.

CVSS: HIGH (8.8)

EPSS Score: 0.11%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-39566

WordPress Hostel <= 1.1.5.6 - SQL Injection Vulnerability

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bob Hostel allows Blind SQL Injection. This issue affects Hostel: from n/a through 1.1.5.6.

CVSS: HIGH (7.6)

EPSS Score: 0.03%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-39565

WordPress MelaPress Login Security <= 2.1.0 - PHP Object Injection Vulnerability

Description: Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security allows Object Injection. This issue affects MelaPress Login Security: from n/a through 2.1.0.

CVSS: MEDIUM (6.6)

EPSS Score: 0.04%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-39564

WordPress Conditional Shipping for WooCommerce <= 3.4.0 - Cross Site Request Forgery (CSRF) Vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in WP Trio Conditional Shipping for WooCommerce allows Cross Site Request Forgery. This issue affects Conditional Shipping for WooCommerce: from n/a through 3.4.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.02%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-39563

WordPress Conditional Payments for WooCommerce <= 3.3.0 - Cross Site Request Forgery (CSRF) Vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in WP Trio Conditional Payments for WooCommerce allows Cross Site Request Forgery. This issue affects Conditional Payments for WooCommerce: from n/a through 3.3.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.02%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-39560

WordPress Live Forms plugin <= 4.8.4 - Broken Access Control vulnerability

Description: Missing Authorization vulnerability in Shahjada Live Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Live Forms: from n/a through 4.8.4.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE

April 16th, 2025 (4 days ago)

CVE-2025-39557

WordPress Kadence WooCommerce Email Designer plugin <= 1.5.14 - Arbitrary File Upload vulnerability

Description: Unrestricted Upload of File with Dangerous Type vulnerability in Ben Ritner - Kadence WP Kadence WooCommerce Email Designer allows Upload a Web Shell to a Web Server. This issue affects Kadence WooCommerce Email Designer: from n/a through 1.5.14.

CVSS: CRITICAL (9.1)

EPSS Score: 0.04%

Source: CVE

April 16th, 2025 (4 days ago)

Threat and Vulnerability Intelligence Database

Example Searches: