CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-30506 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vsourz Digital All In One Redirection allows Stored XSS.This issue affects All In One Redirection: from n/a through 2.2.0.
CVSS: HIGH (7.1) EPSS Score: 0.14% SSVC Exploitation: none
March 25th, 2025 (3 months ago)
|
|
CVE-2024-30493 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.7.
CVSS: MEDIUM (4.3) EPSS Score: 0.04% SSVC Exploitation: none
March 25th, 2025 (3 months ago)
|
|
CVE-2024-30469 |
Description: Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.This issue affects Wholesale For WooCommerce: from n/a through 2.3.0.
CVSS: MEDIUM (5.3) EPSS Score: 0.14% SSVC Exploitation: none
March 25th, 2025 (3 months ago)
|
|
CVE-2024-30451 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in INFINITUM FORM Geo Controller allows Stored XSS.This issue affects Geo Controller: from n/a through 8.6.4.
CVSS: MEDIUM (6.5) EPSS Score: 0.08% SSVC Exploitation: none
March 25th, 2025 (3 months ago)
|
|
CVE-2024-30439 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BestWebSoft Limit Attempts by BestWebSoft allows Reflected XSS.This issue affects Limit Attempts by BestWebSoft: from n/a through 1.2.9.
CVSS: HIGH (7.1) EPSS Score: 0.11% SSVC Exploitation: none
March 25th, 2025 (3 months ago)
|
|
CVE-2024-25599 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Castos Seriously Simple Podcasting allows Reflected XSS.This issue affects Seriously Simple Podcasting: from n/a through 3.0.2.
CVSS: HIGH (7.1) EPSS Score: 0.14% SSVC Exploitation: none
March 25th, 2025 (3 months ago)
|
|
CVE-2024-2476 |
Description: The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose sensitive information such as system/environment data and API keys.
CVSS: MEDIUM (4.3) EPSS Score: 0.17% SSVC Exploitation: none
March 25th, 2025 (3 months ago)
|
|
CVE-2024-1692 |
Description: The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the meta description field in all versions up to, and including, 1.6.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.09% SSVC Exploitation: none
March 25th, 2025 (3 months ago)
|
|
CVE-2024-3474 |
Description: The Wow Skype Buttons WordPress plugin before 4.0.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks
CVSS: HIGH (8.8) EPSS Score: 0.03% SSVC Exploitation: none
March 25th, 2025 (3 months ago)
|
|
CVE-2025-2109 |
Description: The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query information from internal services.
CVSS: MEDIUM (5.8) EPSS Score: 0.06%
March 25th, 2025 (3 months ago)
|