CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-22501 |
Description: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Improve My City Improve My City allows Reflected XSS. This issue affects Improve My City: from n/a through 1.6.
CVSS: HIGH (7.1) EPSS Score: 0.04% SSVC Exploitation: none
March 28th, 2025 (3 months ago)
|
|
CVE-2025-22360 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Azure offload allows Reflected XSS. This issue affects WP Azure offload: from n/a through 2.0.
CVSS: HIGH (7.1) EPSS Score: 0.04% SSVC Exploitation: none
March 28th, 2025 (3 months ago)
|
|
CVE-2025-22356 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stencies Stencies allows Reflected XSS. This issue affects Stencies: from n/a through 0.58.
CVSS: HIGH (7.1) EPSS Score: 0.04% SSVC Exploitation: none
March 28th, 2025 (3 months ago)
|
|
CVE-2024-54362 |
Description: Path Traversal vulnerability in NotFound GetShop ecommerce allows Path Traversal. This issue affects GetShop ecommerce: from n/a through 1.3.
CVSS: HIGH (8.1) EPSS Score: 0.06%
March 28th, 2025 (3 months ago)
|
|
CVE-2024-54291 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound PluginPass allows Manipulating Web Input to File System Calls. This issue affects PluginPass: from n/a through 0.9.10.
CVSS: HIGH (8.6) EPSS Score: 0.06%
March 28th, 2025 (3 months ago)
|
|
CVE-2024-51624 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jajapagamentos Já-Já Pagamentos for WooCommerce allows Reflected XSS. This issue affects Já-Já Pagamentos for WooCommerce: from n/a through 1.3.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
March 28th, 2025 (3 months ago)
|
|
CVE-2024-0904 |
Description: The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
EPSS Score: 0.47% SSVC Exploitation: none
March 28th, 2025 (3 months ago)
|
|
CVE-2025-31474 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in matthewprice1178 WP Database Optimizer allows Cross Site Request Forgery. This issue affects WP Database Optimizer: from n/a through 1.2.1.3.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
March 28th, 2025 (3 months ago)
|
|
CVE-2025-31473 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matthewprice1178 WP Database Optimizer allows Stored XSS. This issue affects WP Database Optimizer: from n/a through 1.2.1.3.
CVSS: MEDIUM (5.9) EPSS Score: 0.03%
March 28th, 2025 (3 months ago)
|
|
CVE-2025-31472 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michele Marri Flatty allows Stored XSS. This issue affects Flatty: from n/a through 2.0.0.
CVSS: MEDIUM (5.9) EPSS Score: 0.03%
March 28th, 2025 (3 months ago)
|