CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-22634 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in MD Abu Jubayer Hossain Easy Booked – Appointment Booking and Scheduling Management System for WordPress allows Cross Site Request Forgery.This issue affects Easy Booked – Appointment Booking and Scheduling Management System for WordPress: from n/a through 2.4.5.
CVSS: MEDIUM (5.4) EPSS Score: 0.02%
March 27th, 2025 (3 months ago)
|
|
CVE-2025-22629 |
Description: Missing Authorization vulnerability in iNET iNET Webkit allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iNET Webkit: from n/a through 1.2.2.
CVSS: MEDIUM (5.3) EPSS Score: 0.03%
March 27th, 2025 (3 months ago)
|
|
CVE-2025-22628 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision Filled In allows Stored XSS.This issue affects Filled In: from n/a through 1.9.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
March 27th, 2025 (3 months ago)
|
|
CVE-2025-22497 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A.H.C. Waasdorp Simple Google Calendar Outlook Events Block Widget allows Stored XSS.This issue affects Simple Google Calendar Outlook Events Block Widget: from n/a through 2.5.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
March 27th, 2025 (3 months ago)
|
|
CVE-2025-22496 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MarMar8x Notif Bell allows Stored XSS.This issue affects Notif Bell: from n/a through 0.9.8.
CVSS: MEDIUM (5.9) EPSS Score: 0.03%
March 27th, 2025 (3 months ago)
|
|
CVE-2025-22278 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes Whitish Lite allows Stored XSS.This issue affects Whitish Lite: from n/a through 2.1.13.
CVSS: MEDIUM (6.5) EPSS Score: 0.03% SSVC Exploitation: none
March 27th, 2025 (3 months ago)
|
|
CVE-2024-5627 |
Description: The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks.
EPSS Score: 0.06% SSVC Exploitation: poc
March 27th, 2025 (3 months ago)
|
|
CVE-2024-4856 |
Description: The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users
EPSS Score: 0.18% SSVC Exploitation: none
March 27th, 2025 (3 months ago)
|
|
CVE-2024-37474 |
Description: Cross Site Scripting (XSS) vulnerability in Automattic Newspack Ads allows Stored XSS.This issue affects Newspack Ads: from n/a through 1.47.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.06% SSVC Exploitation: none
March 27th, 2025 (3 months ago)
|
|
CVE-2024-37472 |
Description: Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice allows Reflected XSS.This issue affects Woffice: from n/a through 5.4.8.
CVSS: HIGH (7.1) EPSS Score: 0.08% SSVC Exploitation: none
March 27th, 2025 (3 months ago)
|