CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-23661
WordPress NV Slider plugin <= 1.6 - CSRF to Stored Cross-Site Scripting vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Ryan Sutana NV Slider allows Stored XSS.This issue affects NV Slider: from n/a through 1.6.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 17th, 2025 (6 months ago)

CVE-2025-23660
WordPress MFPlugin plugin <= 1.3 - CSRF to Cross-Site Scripting vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Walter Cerrudo MFPlugin allows Stored XSS.This issue affects MFPlugin: from n/a through 1.3.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 17th, 2025 (6 months ago)

CVE-2025-23659
WordPress MercadoLibre Integration plugin <= 1.1 - CSRF to Stored Cross-Site Scripting vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Hernan Javier Hegykozi MercadoLibre Integration allows Stored XSS.This issue affects MercadoLibre Integration: from n/a through 1.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 17th, 2025 (6 months ago)

CVE-2025-23654
WordPress Twitter Post plugin <= 0.1 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Vinícius Krolow Twitter Post allows Stored XSS.This issue affects Twitter Post: from n/a through 0.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 17th, 2025 (6 months ago)

CVE-2025-23649
WordPress Auphonic Importer plugin <= 1.5.1 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Kreg Steppe Auphonic Importer allows Stored XSS.This issue affects Auphonic Importer: from n/a through 1.5.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 17th, 2025 (6 months ago)

CVE-2025-23644
WordPress QuoteMedia Tools plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Kuepper QuoteMedia Tools allows DOM-Based XSS.This issue affects QuoteMedia Tools: from n/a through 1.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 17th, 2025 (6 months ago)

CVE-2025-23642
WordPress Sidebar-Content from Shortcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pflonk Sidebar-Content from Shortcode allows DOM-Based XSS.This issue affects Sidebar-Content from Shortcode: from n/a through 2.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 17th, 2025 (6 months ago)

CVE-2025-23641
WordPress Powie's pLinks PagePeeker plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thomas Ehrhardt Powie's pLinks PagePeeker allows DOM-Based XSS.This issue affects Powie's pLinks PagePeeker: from n/a through 1.0.2.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 17th, 2025 (6 months ago)

CVE-2025-23640
WordPress Rename Author Slug plugin <= 1.2.0 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan Rename Author Slug allows Stored XSS.This issue affects Rename Author Slug: from n/a through 1.2.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 17th, 2025 (6 months ago)

CVE-2025-23639
WordPress MDC YouTube Downloader plugin <= 3.0.0 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC YouTube Downloader allows Stored XSS.This issue affects MDC YouTube Downloader: from n/a through 3.0.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 17th, 2025 (6 months ago)