CyberAlerts

CVE-2025-22649

WordPress WP Project Manager plugin <= 2.6.22 - Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager wedevs-project-manager allows Stored XSS.This issue affects WP Project Manager: from n/a through 2.6.22.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE

March 27th, 2025 (3 months ago)

CVE-2025-22648

WordPress Blog, Posts and Category Filter for Elementor plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plugin Devs Blog, Posts and Category Filter for Elementor allows Stored XSS.This issue affects Blog, Posts and Category Filter for Elementor: from n/a through 2.0.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

March 27th, 2025 (3 months ago)

CVE-2025-22647

WordPress AIO Performance Profiler plugin <= 1.2 - Broken Access Control vulnerability

Description: Missing Authorization vulnerability in smackcoders AIO Performance Profiler, Monitor, Optimize, Compress & Debug allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO Performance Profiler, Monitor, Optimize, Compress & Debug: from n/a through 1.2.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE

March 27th, 2025 (3 months ago)

CVE-2025-22646

WordPress aThemes Addons for Elementor plugin <= 1.0.8 - Stored Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aThemes aThemes Addons for Elementor allows Stored XSS.This issue affects aThemes Addons for Elementor: from n/a through 1.0.8.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE

March 27th, 2025 (3 months ago)

CVE-2025-22644

WordPress Vayu Blocks – Gutenberg Blocks plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce allows Stored XSS.This issue affects Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce: from n/a through 1.2.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE

March 27th, 2025 (3 months ago)

CVE-2025-22640

WordPress Paytm Payment Donation Plugin <= 2.3.3 - Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paytm Paytm Payment Donation allows Stored XSS.This issue affects Paytm Payment Donation: from n/a through 2.3.3.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE

March 27th, 2025 (3 months ago)

CVE-2025-22638

WordPress Product Table For WooCommerce Plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Acowebs Product Table For WooCommerce allows Stored XSS.This issue affects Product Table For WooCommerce: from n/a through 1.2.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

March 27th, 2025 (3 months ago)

CVE-2025-22637

WordPress Print PDF Generator and Publisher Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in verkkovaraani Print PDF Generator and Publisher allows Cross Site Request Forgery.This issue affects Print PDF Generator and Publisher: from n/a through 1.2.0.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE

March 27th, 2025 (3 months ago)

CVE-2025-22634

WordPress Easy Booked Plugin <= 2.4.5 - Cross Site Request Forgery (CSRF) vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in MD Abu Jubayer Hossain Easy Booked – Appointment Booking and Scheduling Management System for WordPress allows Cross Site Request Forgery.This issue affects Easy Booked – Appointment Booking and Scheduling Management System for WordPress: from n/a through 2.4.5.

CVSS: MEDIUM (5.4)

EPSS Score: 0.02%

Source: CVE

March 27th, 2025 (3 months ago)

CVE-2025-22629

WordPress iNET Webkit Plugin <= 1.2.2 - Broken Access Control vulnerability

Description: Missing Authorization vulnerability in iNET iNET Webkit allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iNET Webkit: from n/a through 1.2.2.

CVSS: MEDIUM (5.3)

EPSS Score: 0.03%

Source: CVE

March 27th, 2025 (3 months ago)

Threat and Vulnerability Intelligence Database

Example Searches: