CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-1619	GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS Description: The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). EPSS Score: 0.03% Source: CVE March 16th, 2025 (3 months ago)
CVE-2024-13602	Poll Maker < 5.5.4 - Admin+ Stored XSS Description: The Poll Maker WordPress plugin before 5.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). EPSS Score: 0.03% Source: CVE March 16th, 2025 (3 months ago)
CVE-2024-13126	Download Manager < 3.3.07 - Unauthenticated Data Exposure Description: The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web servers that don't use htaccess, allowing unauthorized access of files. EPSS Score: 1.17% Source: CVE March 16th, 2025 (3 months ago)
CVE-2025-27281	WordPress All In Menu Plugin <= 1.1.5 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cookforweb All In Menu allows Blind SQL Injection. This issue affects All In Menu: from n/a through 1.1.5. CVSS: HIGH (8.5) EPSS Score: 0.04% Source: CVE March 15th, 2025 (3 months ago)
CVE-2025-26978	WordPress FS Poster plugin <= 6.5.8 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound FS Poster. This issue affects FS Poster: from n/a through 6.5.8. CVSS: HIGH (8.5) EPSS Score: 0.03% Source: CVE March 15th, 2025 (3 months ago)
CVE-2025-26976	WordPress PrivateContent plugin <= 8.11.4 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.4. CVSS: HIGH (8.5) EPSS Score: 0.04% Source: CVE March 15th, 2025 (3 months ago)
CVE-2025-26972	WordPress PrivateContent plugin <= 8.11.5 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE March 15th, 2025 (3 months ago)
CVE-2025-26969	WordPress PrivateContent plugin <= 8.11.5 - Subscriber+ Site Wide Broken Access Control vulnerability Description: Missing Authorization vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5. CVSS: HIGH (8.3) EPSS Score: 0.04% Source: CVE March 15th, 2025 (3 months ago)
CVE-2025-26961	WordPress Fresh Framework plugin <= 1.70.0 - Unauthenticated Broken Access Control vulnerability Description: Missing Authorization vulnerability in NotFound Fresh Framework allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Fresh Framework: from n/a through 1.70.0. CVSS: HIGH (8.6) EPSS Score: 0.05% Source: CVE March 15th, 2025 (3 months ago)
CVE-2025-26940	WordPress Pie Register Premium plugin <= 3.8.3.2 - Path Traversal to Non-Arbitrary File Deletion vulnerability Description: Path Traversal vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2. CVSS: MEDIUM (6.3) EPSS Score: 0.05% Source: CVE March 15th, 2025 (3 months ago)