CVE-2025-27277 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in tiefpunkt Add Linked Images To Gallery allows Cross Site Request Forgery. This issue affects Add Linked Images To Gallery: from n/a through 1.4.
CVSS: HIGH (7.1) EPSS Score: 0.02%
February 24th, 2025 (4 months ago)
|
CVE-2025-27276 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Photo Gallery ( Responsive ) allows Privilege Escalation. This issue affects Photo Gallery ( Responsive ): from n/a through 4.0.
CVSS: HIGH (8.8) EPSS Score: 0.02%
February 24th, 2025 (4 months ago)
|
CVE-2025-27272 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in vinagecko VG PostCarousel allows PHP Local File Inclusion. This issue affects VG PostCarousel: from n/a through 1.1.
CVSS: HIGH (7.5) EPSS Score: 0.12%
February 24th, 2025 (4 months ago)
|
CVE-2025-27266 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignacio Perez Hover Image Button allows DOM-Based XSS. This issue affects Hover Image Button: from n/a through 1.1.2.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
February 24th, 2025 (4 months ago)
|
CVE-2025-27265 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aaron D. Campbell Google Maps for WordPress allows DOM-Based XSS. This issue affects Google Maps for WordPress: from n/a through 1.0.3.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
February 24th, 2025 (4 months ago)
|
CVE-2025-26883 |
Description: Missing Authorization vulnerability in bPlugins Animated Text Block allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Animated Text Block: from n/a through 1.0.7.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
February 24th, 2025 (4 months ago)
|
CVE-2025-1488 |
Description: The WPO365 | MICROSOFT 365 GRAPH MAILER plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.2. This is due to insufficient validation on the redirect URL supplied via the 'redirect_to' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if 1. they can successfully trick them into performing an action and 2. the plugin is activated but not configured.
CVSS: MEDIUM (4.7) EPSS Score: 0.02%
February 24th, 2025 (4 months ago)
|
CVE-2024-13822 |
Description: The Photo Contest | Competition | Video Contest WordPress plugin through 2.8.1 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high privilege users such as admin.
EPSS Score: 0.03%
February 24th, 2025 (4 months ago)
|
CVE-2024-13605 |
Description: The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.03%
February 24th, 2025 (4 months ago)
|
CVE-2024-12308 |
Description: The Logo Slider WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
EPSS Score: 0.03%
February 24th, 2025 (4 months ago)
|