CVE-2025-22628 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision Filled In allows Stored XSS. This issue affects Filled In: from n/a through 1.9.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
March 27th, 2025 (3 months ago)
|
CVE-2025-22497 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A.H.C. Waasdorp Simple Google Calendar Outlook Events Block Widget allows Stored XSS. This issue affects Simple Google Calendar Outlook Events Block Widget: from n/a through 2.5.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
March 27th, 2025 (3 months ago)
|
CVE-2025-22496 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MarMar8x Notif Bell allows Stored XSS. This issue affects Notif Bell: from n/a through 0.9.8.
CVSS: MEDIUM (5.9) EPSS Score: 0.03%
March 27th, 2025 (3 months ago)
|
CVE-2025-22278 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes Whitish Lite allows Stored XSS. This issue affects Whitish Lite: from n/a through 2.1.13.
CVSS: MEDIUM (6.5) EPSS Score: 0.03% SSVC Exploitation: none
March 27th, 2025 (3 months ago)
|
CVE-2024-5627 |
Description: The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks.
EPSS Score: 0.06% SSVC Exploitation: poc
March 27th, 2025 (3 months ago)
|
CVE-2024-4856 |
Description: The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin or unauthenticated users.
EPSS Score: 0.18% SSVC Exploitation: none
March 27th, 2025 (3 months ago)
|
CVE-2024-37474 |
Description: Cross Site Scripting (XSS) vulnerability in Automattic Newspack Ads allows Stored XSS. This issue affects Newspack Ads: from n/a through 1.47.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.06% SSVC Exploitation: none
March 27th, 2025 (3 months ago)
|
CVE-2024-37472 |
Description: Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice allows Reflected XSS. This issue affects Woffice: from n/a through 5.4.8.
CVSS: HIGH (7.1) EPSS Score: 0.08% SSVC Exploitation: none
March 27th, 2025 (3 months ago)
|
CVE-2024-3642 |
Description: The Newsletter Popup WordPress plugin through 1.2 does not have a CSRF check when deleting a subscriber, which could allow attackers to make logged-in admins perform such an action via a CSRF attack.
EPSS Score: 0.09% SSVC Exploitation: none
March 27th, 2025 (3 months ago)
|
CVE-2024-1588 |
Description: The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).
EPSS Score: 0.29% SSVC Exploitation: none
March 27th, 2025 (3 months ago)
|