CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2025-24606

Description: Missing Authorization vulnerability in Sprout Invoices Client Invoicing by Sprout Invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Invoicing by Sprout Invoices: from n/a through 20.8.1.

CVSS: MEDIUM (6.4)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24603

Description: Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce products/orders. This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through 3.4.10.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24601

Description: Deserialization of Untrusted Data vulnerability in ThimPress FundPress allows Object Injection. This issue affects FundPress: from n/a through 2.0.6.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24600

Description: Missing Authorization vulnerability in David F. Carr RSVPMarker . This issue affects RSVPMarker : from n/a through 11.4.5.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24593

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge allows Reflected XSS. This issue affects Edwiser Bridge: from n/a through 3.0.8.

CVSS: HIGH (7.1)

EPSS Score: 0.05%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24590

Description: Missing Authorization vulnerability in Haptiq picu – Online Photo Proofing Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects picu – Online Photo Proofing Gallery: from n/a through 2.4.0.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24584

Description: Missing Authorization vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.3.0.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24540

Description: Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd allows Cross Site Request Forgery. This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.18.9.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24538

Description: Cross-Site Request Forgery (CSRF) vulnerability in slaFFik BuddyPress Groups Extras allows Cross Site Request Forgery. This issue affects BuddyPress Groups Extras: from n/a through 3.6.10.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24537

Description: Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar The Events Calendar allows Cross Site Request Forgery. This issue affects The Events Calendar: from n/a through 6.7.0.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)