CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-29003	WordPress The Holiday Calendar <= 1.18.2.1 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mva7 The Holiday Calendar allows Stored XSS. This issue affects The Holiday Calendar: from n/a through 1.18.2.1. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE June 6th, 2025 (24 days ago)
CVE-2025-28997	WordPress WP AutoKeyword <= 1.0 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP AutoKeyword: from n/a through 1.0. CVSS: MEDIUM (5.3) EPSS Score: 0.04% Source: CVE June 6th, 2025 (24 days ago)
CVE-2025-28996	WordPress GPP Slideshow <= 1.3.5 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in Thad Allender GPP Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GPP Slideshow: from n/a through 1.3.5. CVSS: MEDIUM (4.3) EPSS Score: 0.03% Source: CVE June 6th, 2025 (24 days ago)
CVE-2025-28995	WordPress Viral Loops WP Integration <= 3.8.1 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Loops WP Integration: from n/a through 3.8.1. CVSS: MEDIUM (5.3) EPSS Score: 0.04% Source: CVE June 6th, 2025 (24 days ago)
CVE-2025-28994	WordPress Viral Loops WP Integration <= 3.8.1 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Loops WP Integration: from n/a through 3.8.1. CVSS: MEDIUM (4.3) EPSS Score: 0.03% Source: CVE June 6th, 2025 (24 days ago)
CVE-2025-28989	WordPress Read More Login <= 2.0.3 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arildur Read More Login allows Stored XSS. This issue affects Read More Login: from n/a through 2.0.3. CVSS: MEDIUM (5.9) EPSS Score: 0.03% Source: CVE June 6th, 2025 (24 days ago)
CVE-2025-28986	WordPress Epicwin Plugin plugin <= 1.5 - CSRF to SQL Injection vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Webaholicson Epicwin Plugin allows SQL Injection. This issue affects Epicwin Plugin: from n/a through 1.5. CVSS: HIGH (8.2) EPSS Score: 0.02% Source: CVE June 6th, 2025 (24 days ago)
CVE-2025-28985	WordPress Elastic Email Subscribe Form <= 1.2.2 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in Elastic Email Elastic Email Subscribe Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elastic Email Subscribe Form: from n/a through 1.2.2. CVSS: MEDIUM (5.4) EPSS Score: 0.04% Source: CVE June 6th, 2025 (24 days ago)
CVE-2025-28984	WordPress Subscription Renewal Reminders for WooCommerce plugin <= 1.3.7 - Cross Site Request Forgery to Notice Dismissal vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in storepro Subscription Renewal Reminders for WooCommerce allows Cross Site Request Forgery. This issue affects Subscription Renewal Reminders for WooCommerce: from n/a through 1.3.7. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE June 6th, 2025 (24 days ago)
CVE-2025-28981	WordPress WP Mail Options plugin <= 0.2.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Soli WP Mail Options allows Stored XSS. This issue affects WP Mail Options: from n/a through 0.2.3. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE June 6th, 2025 (24 days ago)