CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-29005 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in weblizar HR Management Lite allows Cross Site Request Forgery. This issue affects HR Management Lite: from n/a through 3.3.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
June 6th, 2025 (24 days ago)
|
|
CVE-2025-29003 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mva7 The Holiday Calendar allows Stored XSS. This issue affects The Holiday Calendar: from n/a through 1.18.2.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
June 6th, 2025 (24 days ago)
|
|
CVE-2025-28997 |
Description: Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP AutoKeyword: from n/a through 1.0.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
June 6th, 2025 (24 days ago)
|
|
CVE-2025-28996 |
Description: Missing Authorization vulnerability in Thad Allender GPP Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GPP Slideshow: from n/a through 1.3.5.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
June 6th, 2025 (24 days ago)
|
|
CVE-2025-28995 |
Description: Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Loops WP Integration: from n/a through 3.8.1.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
June 6th, 2025 (24 days ago)
|
|
CVE-2025-28994 |
Description: Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Loops WP Integration: from n/a through 3.8.1.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
June 6th, 2025 (24 days ago)
|
|
CVE-2025-28989 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arildur Read More Login allows Stored XSS. This issue affects Read More Login: from n/a through 2.0.3.
CVSS: MEDIUM (5.9) EPSS Score: 0.03%
June 6th, 2025 (24 days ago)
|
|
CVE-2025-28986 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Webaholicson Epicwin Plugin allows SQL Injection. This issue affects Epicwin Plugin: from n/a through 1.5.
CVSS: HIGH (8.2) EPSS Score: 0.02%
June 6th, 2025 (24 days ago)
|
|
CVE-2025-28985 |
Description: Missing Authorization vulnerability in Elastic Email Elastic Email Subscribe Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elastic Email Subscribe Form: from n/a through 1.2.2.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
June 6th, 2025 (24 days ago)
|
|
CVE-2025-28984 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in storepro Subscription Renewal Reminders for WooCommerce allows Cross Site Request Forgery. This issue affects Subscription Renewal Reminders for WooCommerce: from n/a through 1.3.7.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
June 6th, 2025 (24 days ago)
|