Threat and Vulnerability Intelligence Database

CVE-2025-1490

Description: The Smart Maintenance Mode plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘setstatus’ parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS: MEDIUM (6.1)

EPSS Score: 0.1%

Source: CVE
March 26th, 2025 (3 months ago)

CVE-2025-2302

Description: The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aws_search_terms shortcode in all versions up to, and including, 3.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.03%

Source: CVE
March 26th, 2025 (3 months ago)

CVE-2025-2276

Description: The Ultimate Dashboard – Custom WordPress Dashboard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_module_actions function in all versions up to, and including, 3.8.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate/deactivate plugin modules.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE
March 26th, 2025 (3 months ago)

CVE-2024-1076

Description: The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it relies only on .htaccess to prevent visitors from accessing the site's generated private keys. This allows an attacker to read them if the site runs on a server that does not support .htaccess files, such as NGINX.

CVSS: MEDIUM (6.5)

EPSS Score: 0.11%

SSVC Exploitation: poc

Source: CVE
March 25th, 2025 (3 months ago)

CVE-2025-30567

Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wp01ru WP01 allows Path Traversal. This issue affects WP01: from n/a through 2.6.2.

CVSS: HIGH (7.5)

EPSS Score: 27.88%

SSVC Exploitation: none

Source: CVE
March 25th, 2025 (3 months ago)

CVE-2025-28904

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shamalli Web Directory Free allows Blind SQL Injection. This issue affects Web Directory Free: from n/a through 1.7.6.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
March 25th, 2025 (3 months ago)

CVE-2024-4533

Description: The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection attacks.

EPSS Score: 0.09%

SSVC Exploitation: poc

Source: CVE
March 25th, 2025 (3 months ago)

CVE-2024-4480

Description: The WP Prayer II WordPress plugin through 2.4.7 does not have a CSRF check in place when updating its email settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

EPSS Score: 0.07%

SSVC Exploitation: poc

Source: CVE
March 25th, 2025 (3 months ago)

CVE-2024-3631

Description: The HL Twitter WordPress plugin through 2014.1.18 does not have a CSRF check when unlinking Twitter accounts, which could allow attackers to make logged-in admins perform such actions via a CSRF attack.

EPSS Score: 0.1%

SSVC Exploitation: poc

Source: CVE
March 25th, 2025 (3 months ago)

CVE-2024-3478

Description: The Herd Effects WordPress plugin before 5.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting effects, via CSRF attacks.

EPSS Score: 0.02%

SSVC Exploitation: poc

Source: CVE
March 25th, 2025 (3 months ago)