CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-49323	WordPress Hydra Booking <= 1.1.10 - SQL Injection Vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking allows SQL Injection. This issue affects Hydra Booking: from n/a through 1.1.10. CVSS: HIGH (8.5) EPSS Score: 0.03% Source: CVE June 6th, 2025 (23 days ago)
CVE-2025-49322	WordPress 404 Page by SeedProd < 1.0.2 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/a through n/a. CVSS: MEDIUM (5.9) EPSS Score: 0.03% Source: CVE June 6th, 2025 (23 days ago)
CVE-2025-49320	WordPress FraudLabs Pro for WooCommerce <= 2.22.11 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in fraudlabspro FraudLabs Pro for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FraudLabs Pro for WooCommerce: from n/a through 2.22.11. CVSS: MEDIUM (5.3) EPSS Score: 0.04% Source: CVE June 6th, 2025 (23 days ago)
CVE-2025-49318	WordPress WPtouch <= 4.3.60 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPtouch WPtouch allows Stored XSS. This issue affects WPtouch: from n/a through 4.3.60. CVSS: MEDIUM (5.9) EPSS Score: 0.03% Source: CVE June 6th, 2025 (23 days ago)
CVE-2025-49317	WordPress WP Page Loading <= 1.0.6 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in NTC WP Page Loading allows Cross Site Request Forgery. This issue affects WP Page Loading: from n/a through 1.0.6. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE June 6th, 2025 (23 days ago)
CVE-2025-49315	WordPress Persian Woocommerce SMS <= 7.0.10 - SQL Injection Vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PersianScript Persian Woocommerce SMS allows SQL Injection. This issue affects Persian Woocommerce SMS: from n/a through 7.0.10. CVSS: HIGH (7.6) EPSS Score: 0.04% Source: CVE June 6th, 2025 (23 days ago)
CVE-2025-49314	WordPress BRW <= 1.8.6 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ovatheme BRW allows Stored XSS. This issue affects BRW: from n/a through 1.8.6. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE June 6th, 2025 (23 days ago)
CVE-2025-49313	WordPress BRW <= 1.8.6 - Local File Inclusion Vulnerability Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme BRW allows PHP Local File Inclusion. This issue affects BRW: from n/a through 1.8.6. CVSS: HIGH (7.5) EPSS Score: 0.13% Source: CVE June 6th, 2025 (23 days ago)
CVE-2025-49311	WordPress The Events Calendar Countdown Addon <= 1.4.9 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CoolHappy The Events Calendar Countdown Addon allows Stored XSS. This issue affects The Events Calendar Countdown Addon: from n/a through 1.4.9. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE June 6th, 2025 (23 days ago)
CVE-2025-49310	WordPress Frontend Dashboard <= 2.2.8 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M A Vinoth Kumar Frontend Dashboard allows Stored XSS. This issue affects Frontend Dashboard: from n/a through 2.2.8. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE June 6th, 2025 (23 days ago)