Threat and Vulnerability Intelligence Database

CVE-2024-12278

Description: The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via any location that typically sanitizes data using wp_kses, like comments, in all versions up to, and including, 7.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: HIGH (7.2)

EPSS Score: 0.09%

Source: CVE
April 1st, 2025 (3 months ago)

CVE-2024-12189

Description: The WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom widgets in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.03%

Source: CVE
April 1st, 2025 (3 months ago)

CVE-2025-31415

Description: Missing Authorization vulnerability in YayCommerce YayExtra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YayExtra: from n/a through 1.5.2.

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE
April 1st, 2025 (3 months ago)

CVE-2025-31409

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Bridge Core allows Stored XSS. This issue affects Bridge Core: from n/a through n/a.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 1st, 2025 (3 months ago)

CVE-2025-31095

Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in ho3einie Material Dashboard allows Authentication Bypass. This issue affects Material Dashboard: from n/a through 1.4.5.

CVSS: CRITICAL (9.8)

EPSS Score: 0.07%

Source: CVE
April 1st, 2025 (3 months ago)

CVE-2025-31087

Description: Deserialization of Untrusted Data vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce allows Object Injection. This issue affects Multiple Shipping And Billing Address For Woocommerce: from n/a through 1.5.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
April 1st, 2025 (3 months ago)

CVE-2025-31084

Description: Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart allows Object Injection. This issue affects Sunshine Photo Cart: from n/a through 3.4.10.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
April 1st, 2025 (3 months ago)

CVE-2025-31074

Description: Deserialization of Untrusted Data vulnerability in MDJM MDJM Event Management allows Object Injection. This issue affects MDJM Event Management: from n/a through 1.7.5.2.

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE
April 1st, 2025 (3 months ago)

CVE-2025-31024

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in randyjensen RJ Quickcharts allows SQL Injection. This issue affects RJ Quickcharts: from n/a through 0.6.1.

CVSS: HIGH (8.5)

EPSS Score: 0.03%

Source: CVE
April 1st, 2025 (3 months ago)

CVE-2025-31001

Description: Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit allows Retrieve Embedded Sensitive Data. This issue affects GTM Kit: from n/a through 2.3.1.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
April 1st, 2025 (3 months ago)