CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-23436 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Capa Wp-Scribd-List allows Stored XSS.This issue affects Wp-Scribd-List: from n/a through 1.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 17th, 2025 (6 months ago)
|
|
CVE-2025-23435 |
WordPress Password Protect Plugin for WordPress plugin <= 0.8.1.0 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in David Marcucci Password Protect Plugin for WordPress allows Stored XSS.This issue affects Password Protect Plugin for WordPress: from n/a through 0.8.1.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 17th, 2025 (6 months ago)
|
|
CVE-2025-23434 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Albertolabs.com Easy EU Cookie law allows Stored XSS.This issue affects Easy EU Cookie law: from n/a through 1.3.3.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 17th, 2025 (6 months ago)
|
|
CVE-2025-23432 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlTi5 AlT Report allows Reflected XSS.This issue affects AlT Report: from n/a through 1.12.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 17th, 2025 (6 months ago)
|
|
CVE-2025-23430 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Oren Yomtov Mass Custom Fields Manager allows Reflected XSS.This issue affects Mass Custom Fields Manager: from n/a through 1.5.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 17th, 2025 (6 months ago)
|
|
CVE-2025-23429 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in altimawebsystems.com Altima Lookbook Free for WooCommerce allows Reflected XSS.This issue affects Altima Lookbook Free for WooCommerce: from n/a through 1.1.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 17th, 2025 (6 months ago)
|
|
CVE-2025-23426 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Wizcrew Technologies go Social allows Stored XSS.This issue affects go Social: from n/a through 1.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 17th, 2025 (6 months ago)
|
|
CVE-2025-23424 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Brian Novotny – Creative Software Design Solutions Marquee Style RSS News Ticker allows Cross Site Request Forgery.This issue affects Marquee Style RSS News Ticker: from n/a through 3.2.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 17th, 2025 (6 months ago)
|
|
CVE-2025-23423 |
Description: Missing Authorization vulnerability in Smackcoders SendGrid for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SendGrid for WordPress: from n/a through 1.4.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 17th, 2025 (6 months ago)
|
|
CVE-2025-23201 |
Description: librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to Cross-site Scripting (XSS) on the parameters:`/addhost` -> param: community. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
January 17th, 2025 (6 months ago)
|