CyberAlerts

CVE-2025-46520

Description: Cross-Site Request Forgery (CSRF) vulnerability in alphasis Related Posts via Taxonomies allows Stored XSS. This issue affects Related Posts via Taxonomies: from n/a through 1.0.1.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE

April 24th, 2025 (17 days ago)

CVE-2025-46519

WordPress Media Library Downloader <= 1.3.1 - Broken Access Control Vulnerability

Description: Missing Authorization vulnerability in Michael Revellin-Clerc Media Library Downloader allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Library Downloader: from n/a through 1.3.1.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE

April 24th, 2025 (17 days ago)

CVE-2025-46517

WordPress Blog Manager WP <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdiscover Blog Manager WP allows Stored XSS. This issue affects Blog Manager WP: from n/a through 1.0.5.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE

April 24th, 2025 (17 days ago)

CVE-2025-46516

WordPress Twitter Card Generator plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in silencecm Twitter Card Generator allows Stored XSS. This issue affects Twitter Card Generator: from n/a through 1.0.5.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE

April 24th, 2025 (17 days ago)

CVE-2025-46514

WordPress Milat jQuery Automatic Popup plugin <= 1.3.1 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in milat Milat jQuery Automatic Popup allows Stored XSS. This issue affects Milat jQuery Automatic Popup: from n/a through 1.3.1.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE

April 24th, 2025 (17 days ago)

CVE-2025-46513

WordPress All in One Time Clock Lite <= 1.3.324 - Cross Site Request Forgery (CSRF) Vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Codebangers All in One Time Clock Lite allows Cross Site Request Forgery. This issue affects All in One Time Clock Lite: from n/a through 1.3.324.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE

April 24th, 2025 (17 days ago)

CVE-2025-46512

WordPress Custom Functions Plugin plugin <= 1.1 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Shamim Hasan Custom Functions Plugin allows Stored XSS. This issue affects Custom Functions Plugin: from n/a through 1.1.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE

April 24th, 2025 (17 days ago)

CVE-2025-46511

WordPress BeerXML Shortcode <= 0.71 - Server Side Request Forgery (SSRF) Vulnerability

Description: Server-Side Request Forgery (SSRF) vulnerability in Derek Springer BeerXML Shortcode allows Server Side Request Forgery. This issue affects BeerXML Shortcode: from n/a through 0.71.

CVSS: MEDIUM (6.4)

EPSS Score: 0.03%

Source: CVE

April 24th, 2025 (17 days ago)

CVE-2025-46510

WordPress Contact Form 7 Calendar plugin <= 3.0.1 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in harrysudana Contact Form 7 Calendar allows Stored XSS. This issue affects Contact Form 7 Calendar: from n/a through 3.0.1.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE

April 24th, 2025 (17 days ago)

CVE-2025-46509

WordPress 360 View <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrey Mikhalchuk 360 View allows Stored XSS. This issue affects 360 View: from n/a through 1.1.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

April 24th, 2025 (17 days ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-46520	WordPress Related Posts via Taxonomies plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in alphasis Related Posts via Taxonomies allows Stored XSS. This issue affects Related Posts via Taxonomies: from n/a through 1.0.1. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 24th, 2025 (17 days ago)
CVE-2025-46519	WordPress Media Library Downloader <= 1.3.1 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in Michael Revellin-Clerc Media Library Downloader allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Library Downloader: from n/a through 1.3.1. CVSS: MEDIUM (4.3) EPSS Score: 0.03% Source: CVE April 24th, 2025 (17 days ago)
CVE-2025-46517	WordPress Blog Manager WP <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdiscover Blog Manager WP allows Stored XSS. This issue affects Blog Manager WP: from n/a through 1.0.5. CVSS: MEDIUM (5.9) EPSS Score: 0.03% Source: CVE April 24th, 2025 (17 days ago)
CVE-2025-46516	WordPress Twitter Card Generator plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in silencecm Twitter Card Generator allows Stored XSS. This issue affects Twitter Card Generator: from n/a through 1.0.5. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 24th, 2025 (17 days ago)
CVE-2025-46514	WordPress Milat jQuery Automatic Popup plugin <= 1.3.1 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in milat Milat jQuery Automatic Popup allows Stored XSS. This issue affects Milat jQuery Automatic Popup: from n/a through 1.3.1. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 24th, 2025 (17 days ago)
CVE-2025-46513	WordPress All in One Time Clock Lite <= 1.3.324 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Codebangers All in One Time Clock Lite allows Cross Site Request Forgery. This issue affects All in One Time Clock Lite: from n/a through 1.3.324. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE April 24th, 2025 (17 days ago)
CVE-2025-46512	WordPress Custom Functions Plugin plugin <= 1.1 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Shamim Hasan Custom Functions Plugin allows Stored XSS. This issue affects Custom Functions Plugin: from n/a through 1.1. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 24th, 2025 (17 days ago)
CVE-2025-46511	WordPress BeerXML Shortcode <= 0.71 - Server Side Request Forgery (SSRF) Vulnerability Description: Server-Side Request Forgery (SSRF) vulnerability in Derek Springer BeerXML Shortcode allows Server Side Request Forgery. This issue affects BeerXML Shortcode: from n/a through 0.71. CVSS: MEDIUM (6.4) EPSS Score: 0.03% Source: CVE April 24th, 2025 (17 days ago)
CVE-2025-46510	WordPress Contact Form 7 Calendar plugin <= 3.0.1 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in harrysudana Contact Form 7 Calendar allows Stored XSS. This issue affects Contact Form 7 Calendar: from n/a through 3.0.1. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE April 24th, 2025 (17 days ago)
CVE-2025-46509	WordPress 360 View <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrey Mikhalchuk 360 View allows Stored XSS. This issue affects 360 View: from n/a through 1.1.0. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE April 24th, 2025 (17 days ago)