CVE-2024-3941 |
Description: The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF checks in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
EPSS Score: 0.04% SSVC Exploitation: none
March 28th, 2025 (3 months ago)
|
CVE-2024-0820 |
Description: The Jobs for WordPress plugin before 2.7.4 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
EPSS Score: 0.15% SSVC Exploitation: poc
March 28th, 2025 (3 months ago)
|
CVE-2024-1958 |
Description: The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admins or unauthenticated users.
EPSS Score: 0.11% SSVC Exploitation: none
March 28th, 2025 (3 months ago)
|
CVE-2024-1279 |
Description: The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent users with at least the contributor role from leaking other users' sensitive metadata.
CVSS: MEDIUM (4.3) EPSS Score: 0.38% SSVC Exploitation: poc
March 28th, 2025 (3 months ago)
|
CVE-2025-31010 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in ReichertBrothers SimplyRETS Real Estate IDX allows Cross Site Request Forgery. This issue affects SimplyRETS Real Estate IDX: from n/a through 3.0.3.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
March 28th, 2025 (3 months ago)
|
CVE-2025-22767 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in globalpayments GlobalPayments WooCommerce allows Reflected XSS. This issue affects GlobalPayments WooCommerce: from n/a through 1.13.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
March 28th, 2025 (3 months ago)
|
CVE-2025-22575 |
WordPress SUPER RESPONSIVE SLIDER Plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendyourweb SUPER RESPONSIVE SLIDER allows Reflected XSS. This issue affects SUPER RESPONSIVE SLIDER: from n/a through 1.4.
CVSS: HIGH (7.1) EPSS Score: 0.04%
March 28th, 2025 (3 months ago)
|
CVE-2025-22566 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ULTIMATE VIDEO GALLERY allows Reflected XSS. This issue affects ULTIMATE VIDEO GALLERY: from n/a through 1.4.
CVSS: HIGH (7.1) EPSS Score: 0.04%
March 28th, 2025 (3 months ago)
|
CVE-2025-22526 |
Description: Deserialization of Untrusted Data vulnerability in NotFound PHP/MySQL CPU performance statistics allows Object Injection. This issue affects PHP/MySQL CPU performance statistics: from n/a through 1.2.1.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
March 28th, 2025 (3 months ago)
|
CVE-2025-22523 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Schedule allows Blind SQL Injection. This issue affects Schedule: from n/a through 1.0.0.
CVSS: CRITICAL (9.3) EPSS Score: 0.04% SSVC Exploitation: none
March 28th, 2025 (3 months ago)
|