CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-27320	WordPress Profile Widget Ninja plugin <= 4.3 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pankaj Mondal Profile Widget Ninja allows DOM-Based XSS. This issue affects Profile Widget Ninja: from n/a through 4.3. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE February 24th, 2025 (4 months ago)
CVE-2025-27318	WordPress Simple Google Sitemap Plugin <= 1.6 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in ixiter Simple Google Sitemap allows Cross Site Request Forgery. This issue affects Simple Google Sitemap: from n/a through 1.6. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE February 24th, 2025 (4 months ago)
CVE-2025-27317	WordPress RAYS Grid Plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in IT-RAYS RAYS Grid allows Cross Site Request Forgery. This issue affects RAYS Grid: from n/a through 1.3.1. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE February 24th, 2025 (4 months ago)
CVE-2025-27316	WordPress JPG, PNG Compression and Optimization Plugin <= 1.7.35 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in hosting.io JPG, PNG Compression and Optimization allows Cross Site Request Forgery. This issue affects JPG, PNG Compression and Optimization: from n/a through 1.7.35. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE February 24th, 2025 (4 months ago)
CVE-2025-27315	WordPress All-In-One Cufon Plugin <= 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in wptom All-In-One Cufon allows Cross Site Request Forgery. This issue affects All-In-One Cufon: from n/a through 1.3.0. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE February 24th, 2025 (4 months ago)
CVE-2025-27312	WordPress WP Sitemap plugin <= 1.0 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jenst WP Sitemap allows SQL Injection. This issue affects WP Sitemap: from n/a through 1.0. CVSS: HIGH (8.5) EPSS Score: 0.04% Source: CVE February 24th, 2025 (4 months ago)
CVE-2025-27311	WordPress Bulk Content Creator Plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in luk3thomas Bulk Content Creator allows Cross Site Request Forgery. This issue affects Bulk Content Creator: from n/a through 1.2.1. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE February 24th, 2025 (4 months ago)
CVE-2025-27307	WordPress Quotes llama plugin <= 3.0.1 - Stored Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oooorgle Quotes llama allows Reflected XSS. This issue affects Quotes llama: from n/a through 3.0.1. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE February 24th, 2025 (4 months ago)
CVE-2025-27306	WordPress Pathomation plugin <= 2.5.1 - Stored Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pathomation Pathomation allows Stored XSS. This issue affects Pathomation: from n/a through 2.5.1. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE February 24th, 2025 (4 months ago)
CVE-2025-27305	WordPress Table of Contents Block plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Achal Jain Table of Contents Block allows Stored XSS. This issue affects Table of Contents Block: from n/a through 1.0.2. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE February 24th, 2025 (4 months ago)