CyberAlerts

CVE-2025-39420

WordPress WP Twitter Button plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ruudkok WP Twitter Button allows Stored XSS. This issue affects WP Twitter Button: from n/a through 1.4.1.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE

April 17th, 2025 (3 days ago)

CVE-2025-39419

WordPress Revision Diet plugin <= 1.0.1 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in David Miller Revision Diet allows Stored XSS. This issue affects Revision Diet: from n/a through 1.0.1.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE

April 17th, 2025 (3 days ago)

CVE-2025-39418

WordPress RSS Manager plugin <= 0.06 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in ajayver RSS Manager allows Stored XSS. This issue affects RSS Manager: from n/a through 0.06.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE

April 17th, 2025 (3 days ago)

CVE-2025-39417

WordPress Redirect wordpress to welcome or landing page plugin <= 2.0 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Eslam Mahmoud Redirect wordpress to welcome or landing page allows Stored XSS. This issue affects Redirect wordpress to welcome or landing page: from n/a through 2.0.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE

April 17th, 2025 (3 days ago)

CVE-2025-39416

WordPress translit it! plugin <= 1.6 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Ichi translit it! allows Stored XSS. This issue affects translit it!: from n/a through 1.6.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE

April 17th, 2025 (3 days ago)

CVE-2025-39415

WordPress Social Media Links plugin <= 1.0.3 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Jayesh Parejiya Social Media Links allows Stored XSS. This issue affects Social Media Links: from n/a through 1.0.3.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE

April 17th, 2025 (3 days ago)

CVE-2025-39414

WordPress spam-stopper plugin <= 3.1.3 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Mike spam-stopper allows Stored XSS. This issue affects spam-stopper: from n/a through 3.1.3.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE

April 17th, 2025 (3 days ago)

CVE-2025-32686

WordPress Team Members <= 3.4.0 - PHP Object Injection Vulnerability

Description: Deserialization of Untrusted Data vulnerability in WP Speedo Team Members allows Object Injection. This issue affects Team Members: from n/a through 3.4.0.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE

April 17th, 2025 (3 days ago)

CVE-2025-32682

WordPress MapSVG Lite plugin <= 8.5.34 - Arbitrary File Upload Vulnerability

Description: Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG Lite allows Upload a Web Shell to a Web Server. This issue affects MapSVG Lite: from n/a through 8.5.34.

CVSS: CRITICAL (9.9)

EPSS Score: 0.04%

Source: CVE

April 17th, 2025 (3 days ago)

CVE-2025-32674

WordPress Product Excel Import Export & Bulk Edit for WooCommerce plugin <= 4.7 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Product Excel Import Export & Bulk Edit for WooCommerce allows Reflected XSS. This issue affects Product Excel Import Export & Bulk Edit for WooCommerce: from n/a through 4.7.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE

April 17th, 2025 (3 days ago)

Threat and Vulnerability Intelligence Database

Example Searches: