CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

	WordPress plugin "Welcart e-Commerce" vulnerable to untrusted data deserialization Description: WordPress plugin "Welcart e-Commerce" provided by Welcart Inc. contains an untrusted data deserialization vulnerability. Source: Japan Vulnerability Notes (JVN) April 1st, 2025 (3 months ago)
	Hackers abuse WordPress MU-Plugins to hide malicious code Description: Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. [...] Source: BleepingComputer March 31st, 2025 (3 months ago)
	Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images Description: Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites. mu-plugins, short for must-use plugins, refers to plugins in a special directory ("wp-content/mu-plugins") that are automatically executed by WordPress without the need to enable them explicitly via the Source: TheHackerNews March 31st, 2025 (3 months ago)
CVE-2025-31629	WordPress Infusionsoft Web Form JavaScript plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacob Allred Infusionsoft Web Form JavaScript allows Stored XSS. This issue affects Infusionsoft Web Form JavaScript: from n/a through 1.1.1. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 31st, 2025 (3 months ago)
CVE-2025-31627	WordPress Media Library Assistant plugin <= 3.24 - Stored Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media Library Assistant allows Stored XSS. This issue affects Media Library Assistant: from n/a through 3.24. CVSS: MEDIUM (5.9) EPSS Score: 0.03% Source: CVE March 31st, 2025 (3 months ago)
CVE-2025-31625	WordPress Useinfluence plugin <= 1.0.8 - Cross Site Request Forgery (CSRF) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ramanparashar Useinfluence allows Stored XSS. This issue affects Useinfluence: from n/a through 1.0.8. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE March 31st, 2025 (3 months ago)
CVE-2025-31624	WordPress Processing Projects plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LABCAT Processing Projects allows DOM-Based XSS. This issue affects Processing Projects: from n/a through 1.0.2. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 31st, 2025 (3 months ago)
CVE-2025-31623	WordPress Rich Text Editor plugin <= 1.0.1 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in richtexteditor Rich Text Editor allows Stored XSS. This issue affects Rich Text Editor: from n/a through 1.0.1. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE March 31st, 2025 (3 months ago)
CVE-2025-31621	WordPress byBrick Accordion plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in davidpaulsson byBrick Accordion allows Stored XSS. This issue affects byBrick Accordion: from n/a through 1.0. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 31st, 2025 (3 months ago)
CVE-2025-31620	WordPress CoverManager plugin <= 0.0.1 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in carperfer CoverManager allows Stored XSS. This issue affects CoverManager: from n/a through 0.0.1. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 31st, 2025 (3 months ago)