CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-0677 |
Description: The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.
CVSS: MEDIUM (5.1) EPSS Score: 0.07% SSVC Exploitation: poc
March 25th, 2025 (3 months ago)
|
|
CVE-2024-3992 |
Description: The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
EPSS Score: 0.13% SSVC Exploitation: none
March 25th, 2025 (3 months ago)
|
|
CVE-2024-37227 |
Description: Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.7.
CVSS: MEDIUM (4.3) EPSS Score: 0.04% SSVC Exploitation: none
March 25th, 2025 (3 months ago)
|
|
CVE-2024-3477 |
Description: The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks
EPSS Score: 0.02% SSVC Exploitation: poc
March 25th, 2025 (3 months ago)
|
|
CVE-2025-26742 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery for Social Photo allows Stored XSS.This issue affects Gallery for Social Photo: from n/a through 1.0.0.35.
CVSS: MEDIUM (6.5) EPSS Score: 0.03% SSVC Exploitation: none
March 25th, 2025 (3 months ago)
|
|
CVE-2024-4535 |
Description: The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
EPSS Score: 0.12% SSVC Exploitation: poc
March 25th, 2025 (3 months ago)
|
|
CVE-2024-3552 |
Description: The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based.
EPSS Score: 93.2% SSVC Exploitation: poc
March 25th, 2025 (3 months ago)
|
|
CVE-2024-31120 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Stored XSS.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.
CVSS: MEDIUM (6.5) EPSS Score: 0.09% SSVC Exploitation: none
March 25th, 2025 (3 months ago)
|
|
CVE-2024-31095 |
Description: Authorization Bypass Through User-Controlled Key vulnerability in Ricard Torres Thumbs Rating.This issue affects Thumbs Rating: from n/a through 5.1.0.
EPSS Score: 0.3% SSVC Exploitation: none
March 25th, 2025 (3 months ago)
|
|
CVE-2024-31094 |
Description: Deserialization of Untrusted Data vulnerability in Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05.
EPSS Score: 0.42% SSVC Exploitation: poc
March 25th, 2025 (3 months ago)
|