CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2024-12878

Description: The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

EPSS Score: 0.04%

Source: CVE
February 26th, 2025 (4 months ago)

CVE-2024-12737

Description: The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

EPSS Score: 0.03%

Source: CVE
February 26th, 2025 (4 months ago)

CVE-2024-10563

Description: The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

EPSS Score: 0.03%

Source: CVE
February 26th, 2025 (4 months ago)

CVE-2024-10483

Description: The Simple:Press Forum WordPress plugin before 6.10.11 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.

EPSS Score: 0.04%

Source: CVE
February 26th, 2025 (4 months ago)

CVE-2024-10152

Description: The Simple Certain Time to Show Content WordPress plugin before 1.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

EPSS Score: 0.04%

Source: CVE
February 26th, 2025 (4 months ago)

CVE-2024-12434

Description: The SureMembers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.10.6 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including restricted content.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
February 26th, 2025 (4 months ago)

CVE-2025-27000

Description: Missing Authorization vulnerability in George Pattichis Simple Photo Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Photo Feed: from n/a through 1.4.0.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
February 25th, 2025 (4 months ago)

CVE-2025-26995

Description: Missing Authorization vulnerability in Anton Vanyukov Market Exporter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Market Exporter: from n/a through 2.0.21.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
February 25th, 2025 (4 months ago)

CVE-2025-26993

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vito Peleg Atarim allows Reflected XSS. This issue affects Atarim: from n/a through 4.1.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 25th, 2025 (4 months ago)

CVE-2025-26991

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ollybach WPPizza allows Reflected XSS. This issue affects WPPizza: from n/a through 3.19.4.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 25th, 2025 (4 months ago)