
Threat and Vulnerability Intelligence Database


CVE-2025-28862

Description: Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Comment Date and Gravatar remover allows Cross Site Request Forgery. This issue affects Comment Date and Gravatar remover: from n/a through 1.0.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-28861

Description: Cross-Site Request Forgery (CSRF) vulnerability in bhzad WP jQuery Persian Datepicker allows Stored XSS. This issue affects WP jQuery Persian Datepicker: from n/a through 0.1.0.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-28860

Description: Cross-Site Request Forgery (CSRF) vulnerability in PPDPurveyor Google News Editors Picks Feed Generator allows Stored XSS. This issue affects Google News Editors Picks Feed Generator: from n/a through 2.1.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-28859

Description: Cross-Site Request Forgery (CSRF) vulnerability in CodeVibrant Maintenance Notice allows Cross Site Request Forgery. This issue affects Maintenance Notice: from n/a through 1.0.5.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-28857

Description: Cross-Site Request Forgery (CSRF) vulnerability in rankchecker Rankchecker.io Integration allows Stored XSS. This issue affects Rankchecker.io Integration: from n/a through 1.0.9.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-28856

Description: Cross-Site Request Forgery (CSRF) vulnerability in dangrossman W3Counter Free Real-Time Web Stats allows Cross Site Request Forgery. This issue affects W3Counter Free Real-Time Web Stats: from n/a through 4.1.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-1707

Description: The Review Schema plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.4 via post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.

CVSS: HIGH (8.8)

EPSS Score: 0.1%

Source: CVE
March 11th, 2025 (4 months ago)

Web App Scanning Plugin ID 114618

Severity: Critical

Synopsis: GiveWP Plugin for WordPress < 3.20.0 Remote Code Execution

Description: The WordPress GiveWP Plugin installed on the remote host is affected by a PHP object injection vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution: Upgrade to GiveWP Plugin for WordPress 3.20.0 or latest.

Read more at https://www.tenable.com/plugins/was/114618

Source: Tenable Plugins
March 11th, 2025 (4 months ago)

Web App Scanning Plugin ID 114629

Severity: Critical

Synopsis: Newscrunch Plugin for WordPress < 1.8.4.1 Arbitrary File Upload

Description: The WordPress Newscrunch Plugin installed on the remote host is affected by an Arbitrary File Upload. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution: Upgrade to Newscrunch 1.8.4.1 or later.

Read more at https://www.tenable.com/plugins/was/114629

Source: Tenable Plugins
March 11th, 2025 (4 months ago)

CVE-2024-13228

Description: The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.13 via the 'qubely_get_content'. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, password-protected, draft, and trashed post data.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE
March 11th, 2025 (4 months ago)