CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-24707 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3 Photo Gallery Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery allows Reflected XSS. This issue affects Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery: from n/a through 2.7.7.24.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-24697 |
Description: Missing Authorization vulnerability in Realwebcare Image Gallery – Responsive Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Gallery – Responsive Photo Gallery: from n/a through 1.0.5.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-24684 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ederson Peka Media Downloader allows Reflected XSS. This issue affects Media Downloader: from n/a through 0.4.7.5.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-24676 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metatagg Inc Custom WP Store Locator allows Reflected XSS. This issue affects Custom WP Store Locator: from n/a through 1.4.7.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-24661 |
Description: Deserialization of Untrusted Data vulnerability in MagePeople Team Taxi Booking Manager for WooCommerce allows Object Injection. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 1.1.8.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-24660 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wp.insider Simple Membership Custom Messages allows Reflected XSS. This issue affects Simple Membership Custom Messages: from n/a through 2.4.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-24656 |
WordPress Realtyna Provisioning Plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Realtyna Realtyna Provisioning allows Reflected XSS. This issue affects Realtyna Provisioning: from n/a through 1.2.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-24646 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maxim Glazunov XML for Avito allows Reflected XSS. This issue affects XML for Avito: from n/a through 2.5.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-24643 |
Description: Missing Authorization vulnerability in Amento Tech Pvt ltd WPGuppy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPGuppy: from n/a through 1.1.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-24642 |
Description: Missing Authorization vulnerability in theme funda Setup Default Featured Image allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Setup Default Featured Image: from n/a through 1.2.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|