CyberAlerts

CVE-2025-39580

WordPress Dashi <= 3.1.8 - Broken Access Control Vulnerability

Description: Missing Authorization vulnerability in jidaikobo Dashi allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dashi: from n/a through 3.1.8.

CVSS: MEDIUM (5.8)

EPSS Score: 0.03%

Source: CVE

April 17th, 2025 (2 days ago)

CVE-2025-39569

WordPress Taskbuilder <= 4.0.1 - SQL Injection Vulnerability

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in taskbuilder Taskbuilder allows Blind SQL Injection. This issue affects Taskbuilder: from n/a through 4.0.1.

CVSS: HIGH (8.5)

EPSS Score: 0.03%

Source: CVE

April 17th, 2025 (2 days ago)

CVE-2025-39568

WordPress StoreContrl Woocommerce <= 4.1.3 - Arbitrary File Download Vulnerability

Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arture B.V. StoreContrl Woocommerce allows Path Traversal. This issue affects StoreContrl Woocommerce: from n/a through 4.1.3.

CVSS: HIGH (7.5)

EPSS Score: 0.03%

Source: CVE

April 17th, 2025 (2 days ago)

CVE-2025-39567

WordPress Web Directory Free plugin <= 1.7.8 - Reflected Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free allows Reflected XSS. This issue affects Web Directory Free: from n/a through 1.7.8.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE

April 17th, 2025 (2 days ago)

CVE-2025-39562

WordPress Payment Form for PayPal Pro <= 1.1.72 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Payment Form for PayPal Pro allows Stored XSS. This issue affects Payment Form for PayPal Pro: from n/a through 1.1.72.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE

April 17th, 2025 (2 days ago)

CVE-2025-39559

WordPress Bring Fraktguiden for WooCommerce plugin <= 1.11.4 - Broken Access Control vulnerability

Description: Missing Authorization vulnerability in Eivin Landa Bring Fraktguiden for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bring Fraktguiden for WooCommerce: from n/a through 1.11.4.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

April 17th, 2025 (2 days ago)

CVE-2025-39558

WordPress CRM Perks plugin <= 1.1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks allows Reflected XSS. This issue affects CRM Perks: from n/a through 1.1.7.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE

April 17th, 2025 (2 days ago)

CVE-2025-39554

WordPress AI Text to Speech plugin <= 3.0.3 - Broken Access Control vulnerability

Description: Missing Authorization vulnerability in Elliot Sowersby / RelyWP AI Text to Speech allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Text to Speech: from n/a through 3.0.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE

April 17th, 2025 (2 days ago)

CVE-2025-39551

WordPress FluentBoards <= 1.47 - PHP Object Injection Vulnerability

Description: Deserialization of Untrusted Data vulnerability in Mahmudul Hasan Arif FluentBoards allows Object Injection. This issue affects FluentBoards: from n/a through 1.47.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE

April 17th, 2025 (2 days ago)

CVE-2025-39550

WordPress FluentCommunity <= 1.2.15 - PHP Object Injection Vulnerability

Description: Deserialization of Untrusted Data vulnerability in Shahjahan Jewel FluentCommunity allows Object Injection. This issue affects FluentCommunity: from n/a through 1.2.15.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE

April 17th, 2025 (2 days ago)

Threat and Vulnerability Intelligence Database

Example Searches: