CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-3824	Base64 Encoder/Decoder <= 0.9.2 - Settings Reset via CSRF Description: The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack EPSS Score: 0.03% SSVC Exploitation: poc Source: CVE March 27th, 2025 (3 months ago)
CVE-2024-2744	Nextgen Gallery < 3.59.1 - Admin+ Stored XSS Description: The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed EPSS Score: 0.11% SSVC Exploitation: poc Source: CVE March 27th, 2025 (3 months ago)
CVE-2024-1319	Event Tickets Plus < 5.9.1 - Contributor+ Attendees Lists Disclosure Description: The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. (e.g. draft, private, pending review, password-protected, and trashed posts). CVSS: MEDIUM (4.3) EPSS Score: 0.1% SSVC Exploitation: poc Source: CVE March 27th, 2025 (3 months ago)
	WordPress Hide My WP Ghost Plugin <= 5.4.01 is vulnerable to Local File Inclusion Description: WordPress Hide My WP Ghost Plugin <= 5.4.01 is vulnerable to Local File Inclusion Source: DarkWebInformer March 27th, 2025 (3 months ago)
CVE-2025-26909	WordPress Hide My WP Ghost plugin <= 5.4.01 - Local File Inclusion to RCE vulnerability Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost allows PHP Local File Inclusion.This issue affects Hide My WP Ghost: from n/a through 5.4.01. CVSS: CRITICAL (9.6) EPSS Score: 0.11% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-26762	WordPress WooCommerce plugin <= 9.7.0 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce allows Stored XSS.This issue affects WooCommerce: from n/a through 9.7.0. CVSS: MEDIUM (5.9) EPSS Score: 0.03% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-22783	WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.03 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO allows SQL Injection.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.4.03. CVSS: HIGH (8.5) EPSS Score: 0.1% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-22659	WordPress Orbit Fox by ThemeIsle plugin <= 2.10.44 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through 2.10.44. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-22658	WordPress Listings for Appfolio plugin <= 1.2.0 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Deepak Khokhar Listings for Appfolio allows Stored XSS.This issue affects Listings for Appfolio: from n/a through 1.2.0. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-22652	WordPress Payment Forms for Paystack plugin <= 4.0.1 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kendysond Payment Forms for Paystack allows SQL Injection.This issue affects Payment Forms for Paystack: from n/a through 4.0.1. CVSS: HIGH (7.6) EPSS Score: 0.11% Source: CVE March 27th, 2025 (3 months ago)