CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-31443 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Furtak KK I Like It allows Stored XSS. This issue affects KK I Like It: from n/a through 1.7.5.3.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 28th, 2025 (3 months ago)
|
|
CVE-2025-31440 |
WordPress Terms of Use plugin <= 2.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Terms of Use allows Stored XSS. This issue affects Terms of Use: from n/a through 2.0.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 28th, 2025 (3 months ago)
|
|
CVE-2025-31439 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in tobias_.MerZ Browser Caching with .htaccess allows Cross Site Request Forgery. This issue affects Browser Caching with .htaccess: from 1.2.1 through n/a.
CVSS: MEDIUM (5.4) EPSS Score: 0.02%
March 28th, 2025 (3 months ago)
|
|
CVE-2025-31438 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Benoit De Boeck WP Supersized allows Cross Site Request Forgery. This issue affects WP Supersized: from n/a through 3.1.6.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
March 28th, 2025 (3 months ago)
|
|
CVE-2025-31437 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Miller WP-OGP allows Stored XSS. This issue affects WP-OGP: from n/a through 1.0.5.
CVSS: MEDIUM (5.9) EPSS Score: 0.03%
March 28th, 2025 (3 months ago)
|
|
CVE-2025-31435 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Efficient Scripts Microblog Poster allows Stored XSS. This issue affects Microblog Poster: from n/a through 2.1.6.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 28th, 2025 (3 months ago)
|
|
CVE-2025-31434 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Stored XSS. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.19.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
March 28th, 2025 (3 months ago)
|
|
CVE-2025-31433 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Miguel Sirvent Magic Embeds allows Stored XSS. This issue affects Magic Embeds: from n/a through 3.1.2.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
March 28th, 2025 (3 months ago)
|
|
CVE-2025-31432 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Chop Chop Pop-Up Chop Chop allows PHP Local File Inclusion. This issue affects Pop-Up Chop Chop: from n/a through 2.1.7.
CVSS: HIGH (7.5) EPSS Score: 0.13%
March 28th, 2025 (3 months ago)
|
|
CVE-2025-2815 |
Description: The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminz_import_backup() function in all versions up to, and including, 2025.03.24. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
CVSS: HIGH (8.8) EPSS Score: 0.04%
March 28th, 2025 (3 months ago)
|