Threat and Vulnerability Intelligence Database

CVE-2025-26873

Description: Deserialization of Untrusted Data vulnerability in Shinetheme Traveler. This issue affects Traveler: from n/a through 3.1.8.

CVSS: CRITICAL (9.0)

EPSS Score: 0.05%

Source: CVE
March 27th, 2025 (3 months ago)

CVE-2025-22740

Description: Missing Authorization vulnerability in Automattic Sensei LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sensei LMS: from n/a through 4.24.4.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
March 27th, 2025 (3 months ago)

CVE-2025-22739

Description: Missing Authorization vulnerability in ThimPress LearnPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LearnPress: from n/a through 4.2.7.5.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
March 27th, 2025 (3 months ago)

CVE-2024-4750

Description: The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request.

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
March 27th, 2025 (3 months ago)

CVE-2024-3823

Description: The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
March 27th, 2025 (3 months ago)

CVE-2024-1658

Description: The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

EPSS Score: 0.16%

SSVC Exploitation: poc

Source: CVE
March 27th, 2025 (3 months ago)

CVE-2024-0757

Description: The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files

CVSS: MEDIUM (5.4)

EPSS Score: 32.0%

SSVC Exploitation: none

Source: CVE
March 27th, 2025 (3 months ago)

CVE-2024-4372

Description: The Carousel Slider WordPress plugin before 2.2.11 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
March 27th, 2025 (3 months ago)

CVE-2024-1401

Description: The Profile Box Shortcode And Widget WordPress plugin before 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

EPSS Score: 0.12%

SSVC Exploitation: poc

Source: CVE
March 27th, 2025 (3 months ago)

CVE-2024-0399

Description: The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role.

EPSS Score: 1.08%

SSVC Exploitation: poc

Source: CVE
March 27th, 2025 (3 months ago)