CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2025-26980

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wired Impact Wired Impact Volunteer Management allows Stored XSS. This issue affects Wired Impact Volunteer Management: from n/a through 2.5.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
February 25th, 2025 (4 months ago)

CVE-2025-26979

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FunnelKit Funnel Builder by FunnelKit allows PHP Local File Inclusion. This issue affects Funnel Builder by FunnelKit: from n/a through 3.9.0.

CVSS: HIGH (7.5)

EPSS Score: 0.11%

Source: CVE
February 25th, 2025 (4 months ago)

CVE-2025-26977

Description: Authorization Bypass Through User-Controlled Key vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Filebird: from n/a through 6.4.2.1.

CVSS: LOW (3.8)

EPSS Score: 0.03%

Source: CVE
February 25th, 2025 (4 months ago)

CVE-2025-26975

Description: Missing Authorization vulnerability in WP Chill Strong Testimonials allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Strong Testimonials: from n/a through 3.2.3.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
February 25th, 2025 (4 months ago)

CVE-2025-26974

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExperts.io WP Multi Store Locator allows Blind SQL Injection. This issue affects WP Multi Store Locator: from n/a through 2.5.1.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
February 25th, 2025 (4 months ago)

CVE-2025-26971

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ays-pro Poll Maker allows Blind SQL Injection. This issue affects Poll Maker: from n/a through 5.6.5.

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE
February 25th, 2025 (4 months ago)

CVE-2025-26966

Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5.

CVSS: CRITICAL (9.8)

EPSS Score: 0.08%

SSVC Exploitation: none

Source: CVE
February 25th, 2025 (4 months ago)

CVE-2025-26965

Description: Authorization Bypass Through User-Controlled Key vulnerability in ameliabooking Amelia allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Amelia: from n/a through 1.2.16.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
February 25th, 2025 (4 months ago)

CVE-2025-26964

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.20.

CVSS: HIGH (7.5)

EPSS Score: 0.12%

SSVC Exploitation: none

Source: CVE
February 25th, 2025 (4 months ago)

CVE-2025-26963

Description: Cross-Site Request Forgery (CSRF) vulnerability in flowdee ClickWhale allows Cross Site Request Forgery. This issue affects ClickWhale: from n/a through 2.4.3.

CVSS: MEDIUM (5.4)

EPSS Score: 0.02%

Source: CVE
February 25th, 2025 (4 months ago)