CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-30822	WordPress Custom Login Logo Plugin <= 1.1.7 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Hakik Zaman Custom Login Logo allows Cross Site Request Forgery. This issue affects Custom Login Logo: from n/a through 1.1.7. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30821	WordPress SNORDIAN's H5PxAPIkatchu plugin <= 0.4.14 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in otacke SNORDIAN's H5PxAPIkatchu allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects SNORDIAN's H5PxAPIkatchu: from n/a through 0.4.14. CVSS: MEDIUM (5.3) EPSS Score: 0.05% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30820	WordPress WishSuite plugin <= 1.4.4 - Local File Inclusion Vulnerability Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in HT Plugins WishSuite allows PHP Local File Inclusion. This issue affects WishSuite: from n/a through 1.4.4. CVSS: HIGH (7.5) EPSS Score: 0.13% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30819	WordPress Simple Giveaways plugin <= 2.48.1 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Igor Benic Simple Giveaways allows SQL Injection. This issue affects Simple Giveaways: from n/a through 2.48.1. CVSS: HIGH (8.5) EPSS Score: 0.03% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30818	WordPress jAlbum Bridge plugin <= 2.0.17 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mlaza jAlbum Bridge allows DOM-Based XSS. This issue affects jAlbum Bridge: from n/a through 2.0.17. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30817	WordPress Z Companion plugin <= 1.0.13 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in wpzita Z Companion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Z Companion: from n/a through 1.0.13. CVSS: MEDIUM (5.4) EPSS Score: 0.04% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30816	WordPress publish post email notification plugin <= 1.0.2.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Nks publish post email notification allows Cross Site Request Forgery. This issue affects publish post email notification: from n/a through 1.0.2.3. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30815	WordPress Hesabfa Accounting plugin <= 2.1.8 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Cross Site Request Forgery. This issue affects Hesabfa Accounting: from n/a through 2.1.8. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30814	WordPress The Post Grid plugin <= 7.7.17 - Local File Inclusion vulnerability Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme The Post Grid allows PHP Local File Inclusion. This issue affects The Post Grid: from n/a through 7.7.17. CVSS: HIGH (7.5) EPSS Score: 0.13% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30813	WordPress Listamester plugin <= 2.3.5 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in listamester Listamester allows Stored XSS. This issue affects Listamester: from n/a through 2.3.5. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 27th, 2025 (3 months ago)