CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-30526 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in lucksy Typekit plugin for WordPress allows Cross Site Request Forgery. This issue affects Typekit plugin for WordPress: from n/a through 1.2.3.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
March 24th, 2025 (3 months ago)
|
|
CVE-2025-30525 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ProfitShare.ro WP Profitshare allows SQL Injection. This issue affects WP Profitshare: from n/a through 1.4.9.
CVSS: HIGH (7.6) EPSS Score: 0.04%
March 24th, 2025 (3 months ago)
|
|
CVE-2025-30523 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marcel-NL Super Simple Subscriptions allows SQL Injection. This issue affects Super Simple Subscriptions: from n/a through 1.1.0.
CVSS: HIGH (7.6) EPSS Score: 0.04%
March 24th, 2025 (3 months ago)
|
|
CVE-2025-30522 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Damian Orzol Contact Form 7 Material Design allows Stored XSS. This issue affects Contact Form 7 Material Design: from n/a through 1.0.0.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 24th, 2025 (3 months ago)
|
|
CVE-2025-30521 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in giangmd93 GP Back To Top allows Cross Site Request Forgery. This issue affects GP Back To Top: from n/a through 3.0.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
March 24th, 2025 (3 months ago)
|
|
CVE-2025-1203 |
Description: The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.03%
March 24th, 2025 (3 months ago)
|
|
CVE-2025-1062 |
Description: The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (3.5) EPSS Score: 0.03%
March 24th, 2025 (3 months ago)
|
|
CVE-2024-13124 |
Description: The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (3.5) EPSS Score: 0.03%
March 24th, 2025 (3 months ago)
|
|
CVE-2024-10558 |
Description: The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.03%
March 24th, 2025 (3 months ago)
|
|
CVE-2025-1446 |
Description: The Pods WordPress plugin before 3.2.8.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
EPSS Score: 0.03%
March 23rd, 2025 (3 months ago)
|