CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-30776	WordPress Sitekit <= 1.8 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Sitekit allows Stored XSS. This issue affects Sitekit: from n/a through 1.8. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30775	WordPress WPGuppy plugin <= 1.1.3 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AmentoTech Private Limited WPGuppy allows SQL Injection. This issue affects WPGuppy: from n/a through 1.1.3. CVSS: HIGH (8.5) EPSS Score: 0.03% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30773	WordPress TranslatePress <= 2.9.6 - PHP Object Injection Vulnerability Description: Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress allows Object Injection. This issue affects TranslatePress: from n/a through 2.9.6. CVSS: HIGH (7.2) EPSS Score: 0.06% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30772	WordPress WPC Smart Upsell Funnel for WooCommerce plugin <= 3.0.4 - Arbitrary Option Update to Privilege Escalation vulnerability Description: Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce allows Privilege Escalation. This issue affects WPC Smart Upsell Funnel for WooCommerce: from n/a through 3.0.4. CVSS: HIGH (8.8) EPSS Score: 0.04% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30771	WordPress WP Cassify <= 2.3.5 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alain-Aymerick FRANCOIS WP Cassify allows DOM-Based XSS. This issue affects WP Cassify: from n/a through 2.3.5. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30770	WordPress Charitable <= 1.8.4.7 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Charitable allows DOM-Based XSS. This issue affects Charitable: from n/a through 1.8.4.7. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30769	WordPress WIP WooCarousel Lite plugin <= 1.1.7 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in alexvtn WIP WooCarousel Lite allows Stored XSS. This issue affects WIP WooCarousel Lite: from n/a through 1.1.7. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30768	WordPress jAlbum Bridge <= 2.0.18 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mlaza jAlbum Bridge allows Stored XSS. This issue affects jAlbum Bridge: from n/a through 2.0.18. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30767	WordPress PDF for WPForms plugin <= 5.3.0 - Arbitrary Shortcode Execution vulnerability Description: Missing Authorization vulnerability in add-ons.org PDF for WPForms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for WPForms: from n/a through 5.3.0. CVSS: MEDIUM (5.4) EPSS Score: 0.03% Source: CVE March 27th, 2025 (3 months ago)
CVE-2025-30766	WordPress Happy Addons for Elementor <= 3.16.2 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyMonster Happy Addons for Elementor allows DOM-Based XSS. This issue affects Happy Addons for Elementor: from n/a through 3.16.2. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE March 27th, 2025 (3 months ago)