CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-24580	WordPress 12 Step Meeting List plugin <= 3.16.5 - Arbitrary Content Deletion vulnerability Description: Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 12 Step Meeting List: from n/a through 3.16.5. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE January 25th, 2025 (5 months ago)
CVE-2025-24579	WordPress Nested pages plugin <= 3.2.9 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages allows Stored XSS. This issue affects Nested Pages: from n/a through 3.2.9. CVSS: MEDIUM (5.9) EPSS Score: 0.04% Source: CVE January 25th, 2025 (5 months ago)
CVE-2025-24578	WordPress ElementInvader Addons for Elementor plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows DOM-Based XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.0. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE January 25th, 2025 (5 months ago)
CVE-2025-24575	WordPress HelloAsso plugin <= 1.1.11 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HelloAsso HelloAsso allows Stored XSS. This issue affects HelloAsso: from n/a through 1.1.11. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE January 25th, 2025 (5 months ago)
CVE-2025-24573	WordPress Pagelayer plugin <= 1.9.4 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pagelayer Team PageLayer allows DOM-Based XSS. This issue affects PageLayer: from n/a through 1.9.4. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE January 25th, 2025 (5 months ago)
CVE-2025-24572	WordPress WP Fast Total Search plugin <= 1.78.258 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search allows Cross Site Request Forgery. This issue affects WP Fast Total Search: from n/a through 1.78.258. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE January 25th, 2025 (5 months ago)
CVE-2025-24571	WordPress WP Fast Total Search plugin <= 1.78.258 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in Epsiloncool WP Fast Total Search allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Fast Total Search: from n/a through 1.78.258. CVSS: MEDIUM (5.4) EPSS Score: 0.04% Source: CVE January 25th, 2025 (5 months ago)
CVE-2025-24570	WordPress Atarim plugin <= 4.0.8 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atarim Atarim allows Stored XSS. This issue affects Atarim: from n/a through 4.0.8. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE January 25th, 2025 (5 months ago)
CVE-2025-24568	WordPress Starter Templates plugin <= 4.4.9 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates allows Cross Site Request Forgery. This issue affects Starter Templates: from n/a through 4.4.9. CVSS: MEDIUM (4.3) EPSS Score: 0.04% Source: CVE January 25th, 2025 (5 months ago)
CVE-2025-24562	WordPress KBucket plugin <= 4.1.6 - CSRF to Stored Cross-Site Scripting vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Optimal Access Inc. KBucket allows Stored XSS. This issue affects KBucket: from n/a through 4.1.6. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE January 25th, 2025 (5 months ago)