CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-24701 |
Description: Server-Side Request Forgery (SSRF) vulnerability in Kiboko Labs Chained Quiz allows Server Side Request Forgery. This issue affects Chained Quiz: from n/a through 1.3.2.9.
CVSS: MEDIUM (4.4) EPSS Score: 0.04%
January 25th, 2025 (6 months ago)
|
|
CVE-2025-24698 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in G5Theme Essential Real Estate allows Cross Site Request Forgery. This issue affects Essential Real Estate: from n/a through 5.1.8.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 25th, 2025 (6 months ago)
|
|
CVE-2025-24696 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in WP Attire Attire Blocks allows Cross Site Request Forgery. This issue affects Attire Blocks: from n/a through 1.9.6.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 25th, 2025 (6 months ago)
|
|
CVE-2025-24695 |
Description: Server-Side Request Forgery (SSRF) vulnerability in HasThemes Extensions For CF7 allows Server Side Request Forgery. This issue affects Extensions For CF7: from n/a through 3.2.0.
CVSS: MEDIUM (4.4) EPSS Score: 0.04%
January 25th, 2025 (6 months ago)
|
|
CVE-2025-24693 |
Description: Missing Authorization vulnerability in Yehi Advanced Notifications allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Notifications: from n/a through 1.2.7.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 25th, 2025 (6 months ago)
|
|
CVE-2025-24691 |
Description: Missing Authorization vulnerability in Gagan Sandhu , Enej Bajgoric , CTLT DEV, UBC People Lists allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects People Lists: from n/a through 1.3.10.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 25th, 2025 (6 months ago)
|
|
CVE-2025-24687 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lars Wallenborn Show/Hide Shortcode allows Stored XSS. This issue affects Show/Hide Shortcode: from n/a through 1.0.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 25th, 2025 (6 months ago)
|
|
CVE-2025-24683 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill RSVP and Event Management Plugin allows SQL Injection. This issue affects RSVP and Event Management Plugin: from n/a through 2.7.14.
CVSS: HIGH (7.6) EPSS Score: 0.04%
January 25th, 2025 (6 months ago)
|
|
CVE-2025-24682 |
Description: Missing Authorization vulnerability in mikemmx Super Block Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Super Block Slider: from n/a through 2.7.9.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 25th, 2025 (6 months ago)
|
|
CVE-2025-24681 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce allows Stored XSS. This issue affects Product Carousel Slider & Grid Ultimate for WooCommerce: from n/a through 1.10.0.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
January 25th, 2025 (6 months ago)
|