CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-26876 |
Description: Path Traversal vulnerability in CodeManas Search with Typesense allows Path Traversal. This issue affects Search with Typesense: from n/a through 2.0.8.
CVSS: MEDIUM (6.8) EPSS Score: 0.06% SSVC Exploitation: none
February 25th, 2025 (4 months ago)
|
|
CVE-2025-26871 |
Description: Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Blocks for Gutenberg: from n/a through 4.8.3.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
February 25th, 2025 (4 months ago)
|
|
CVE-2025-26868 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fastflow Fast Flow allows Reflected XSS. This issue affects Fast Flow: from n/a through 1.2.16.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 25th, 2025 (4 months ago)
|
|
CVE-2025-26753 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper VideoWhisper Live Streaming Integration allows Path Traversal. This issue affects VideoWhisper Live Streaming Integration: from n/a through 6.2.
CVSS: HIGH (7.5) EPSS Score: 0.06%
February 25th, 2025 (4 months ago)
|
|
CVE-2025-26752 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper VideoWhisper Live Streaming Integration allows Path Traversal. This issue affects VideoWhisper Live Streaming Integration: from n/a through 6.2.
CVSS: HIGH (8.6) EPSS Score: 0.07%
February 25th, 2025 (4 months ago)
|
|
CVE-2025-26751 |
WordPress Alphabetic Pagination Plugin <= 3.2.1 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood Alphabetic Pagination allows Reflected XSS. This issue affects Alphabetic Pagination: from n/a through 3.2.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 25th, 2025 (4 months ago)
|
|
CVE-2024-54444 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder allows Stored XSS. This issue affects Elementor Website Builder: from n/a through 3.25.10.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
February 25th, 2025 (4 months ago)
|
|
CVE-2025-1262 |
Description: The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27 . This makes it possible for unauthenticated attackers to bypass the Built-in Math Captcha Verification.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
February 25th, 2025 (4 months ago)
|
|
CVE-2024-13695 |
Description: The Enfold theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.9 via the 'attachment_id' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
CVSS: MEDIUM (6.4) EPSS Score: 0.02%
February 25th, 2025 (4 months ago)
|
|
CVE-2024-13693 |
Enfold <= 6.0.9 - Missing Authorization to Sensitive Information Disclosure in avia-export-class.php
Description: The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9. This makes it possible for unauthenticated attackers to export all avia settings which may included sensitive information such as the Mailchimp API Key, reCAPTCHA Secret Key, or Envato private token if they are set.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
February 25th, 2025 (4 months ago)
|