CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-27351
WordPress Local Search SEO Contact Page plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpertBusinessSearch Local Search SEO Contact Page allows Stored XSS. This issue affects Local Search SEO Contact Page: from n/a through 4.0.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2025-27349
WordPress Get Posts plugin <= 0.6 - Stored Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nurelm Get Posts allows Stored XSS. This issue affects Get Posts: from n/a through 0.6.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2025-27348
WordPress WP Social SEO Booster plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel WP Social SEO Booster – Knowledge Graph Social Signals SEO allows Stored XSS. This issue affects WP Social SEO Booster – Knowledge Graph Social Signals SEO: from n/a through 1.2.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2025-27347
WordPress Direct Checkout Button for WooCommerce plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in techmix Direct Checkout Button for WooCommerce allows Stored XSS. This issue affects Direct Checkout Button for WooCommerce: from n/a through 1.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2025-27344
WordPress Phee's LinkPreview Plugin <= 1.6.7 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in filipstepanov Phee's LinkPreview allows Cross Site Request Forgery. This issue affects Phee's LinkPreview: from n/a through 1.6.7.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2025-27342
WordPress WooCommerce Recargo de Equivalencia Plugin <= 1.6.24 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in josesan WooCommerce Recargo de Equivalencia allows Cross Site Request Forgery. This issue affects WooCommerce Recargo de Equivalencia: from n/a through 1.6.24.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2025-27341
WordPress Reactive Mortgage Calculator plugin <= 1.1 - Stored Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in afzal_du Reactive Mortgage Calculator allows Stored XSS. This issue affects Reactive Mortgage Calculator: from n/a through 1.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2025-27340
WordPress F12-Profiler Plugin <= 1.3.9 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Marc F12-Profiler allows Cross Site Request Forgery. This issue affects F12-Profiler: from n/a through 1.3.9.

CVSS: MEDIUM (5.4)

EPSS Score: 0.02%

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2025-27339
WordPress Minimum Password Strength Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Will Anderson Minimum Password Strength allows Cross Site Request Forgery. This issue affects Minimum Password Strength: from n/a through 1.2.0.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2025-27336
WordPress Just Variables Plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Alex Prokopenko / JustCoded Just Variables allows Cross Site Request Forgery. This issue affects Just Variables: from n/a through 1.2.3.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
February 24th, 2025 (4 months ago)