CVE-2024-0780
Description: The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have an authorisation check when resetting its database, allowing any authenticated user, such as a subscriber, to perform that action.
CVSS: HIGH (8.8) EPSS Score: 0.58% SSVC Exploitation: poc
March 14th, 2025

CVE-2024-6517
Description: The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users.
EPSS Score: 2.61% SSVC Exploitation: poc
March 14th, 2025

CVE-2024-6230
Description: The پلاگین پرداخت دلخواه WordPress plugin through 2.9.8 does not have a CSRF check in place when resetting its form fields, which could allow attackers to make a logged-in admin perform that action via a CSRF attack.
EPSS Score: 0.13% SSVC Exploitation: none
March 14th, 2025

CVE-2024-5003
Description: The WP Stacker WordPress plugin through 1.8.5 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
EPSS Score: 0.08% SSVC Exploitation: poc
March 14th, 2025

CVE-2024-37471
Description: Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice Core allows Reflected XSS. This issue affects Woffice Core: from n/a through 5.4.8.
CVSS: HIGH (7.1) EPSS Score: 0.13% SSVC Exploitation: none
March 14th, 2025

CVE-2025-2232
Description: The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role.
CVSS: CRITICAL (9.8) EPSS Score: 0.21%
March 14th, 2025

CVE-2024-13773
Description: The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including LinkedIn client and secret keys.
CVSS: HIGH (7.3) EPSS Score: 0.07%
March 14th, 2025

CVE-2024-13772
Description: The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of randomization of a password created during Single Sign-On via Google or Facebook. This makes it possible for unauthenticated attackers to change the password of arbitrary Candidate-level users if the attacker knows the username assigned to the victim during account creation.
CVSS: MEDIUM (5.6) EPSS Score: 0.1%
March 14th, 2025

CVE-2024-13771
Description: The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change the password of arbitrary users, including administrators, if the attacker knows the username of the victim.
CVSS: CRITICAL (9.8) EPSS Score: 0.06%
March 14th, 2025

CVE-2024-12810
Description: The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on multiple functions in all versions up to, and including, 7.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files, generate backups, restore backups, update theme options, and reset theme options to default settings.
CVSS: HIGH (8.8) EPSS Score: 0.05%
March 14th, 2025