CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-23896	WordPress Mindmeister Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oncle Tom Mindmeister Shortcode allows DOM-Based XSS.This issue affects Mindmeister Shortcode: from n/a through 1.0. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE January 17th, 2025 (6 months ago)
CVE-2025-23895	WordPress Add RSS plugin <= 1.5 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Dan Cameron Add RSS allows Stored XSS.This issue affects Add RSS: from n/a through 1.5. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE January 17th, 2025 (6 months ago)
CVE-2025-23893	WordPress GMap Shortcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Manuel Costales GMap Shortcode allows DOM-Based XSS.This issue affects GMap Shortcode: from n/a through 2.0. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE January 17th, 2025 (6 months ago)
CVE-2025-23892	WordPress Progress Tracker plugin <= 0.9.3 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Furr and Simon Ward Progress Tracker allows DOM-Based XSS.This issue affects Progress Tracker: from n/a through 0.9.3. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE January 17th, 2025 (6 months ago)
CVE-2025-23891	WordPress Yet Another Countdown Plugin plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vincent Loy Yet Another Countdown allows DOM-Based XSS.This issue affects Yet Another Countdown: from n/a through 1.0.1. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE January 17th, 2025 (6 months ago)
CVE-2025-23890	WordPress Easy Tweet Embed plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tom Ewer and Tito Pandu Easy Tweet Embed allows DOM-Based XSS.This issue affects Easy Tweet Embed: from n/a through 1.7. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE January 17th, 2025 (6 months ago)
CVE-2025-23887	WordPress Blog Summary plugin <= 0.1.2 β - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Allan Wallick Blog Summary allows Stored XSS.This issue affects Blog Summary: from n/a through 0.1.2 β. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE January 17th, 2025 (6 months ago)
CVE-2025-23886	WordPress Annie plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Roberts Annie allows Stored XSS.This issue affects Annie: from n/a through 2.1.1. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE January 17th, 2025 (6 months ago)
CVE-2025-23884	WordPress Annie plugin <= 2.1.1 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Chris Roberts Annie allows Cross Site Request Forgery.This issue affects Annie: from n/a through 2.1.1. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE January 17th, 2025 (6 months ago)
CVE-2025-23880	WordPress amr personalise plugin <= 2.10 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in anmari amr personalise allows Cross Site Request Forgery.This issue affects amr personalise: from n/a through 2.10. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE January 17th, 2025 (6 months ago)