CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-22635 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jyothis Joy Eventer allows Reflected XSS. This issue affects Eventer: from n/a through n/a.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 23rd, 2025 (4 months ago)
|
|
CVE-2025-22633 |
Description: Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Matt Cromwell Give – Divi Donation Modules allows Retrieve Embedded Sensitive Data. This issue affects Give – Divi Donation Modules: from n/a through 2.0.0.
CVSS: MEDIUM (5.8) EPSS Score: 0.04%
February 23rd, 2025 (4 months ago)
|
|
CVE-2025-22632 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in totalsoft WooCommerce Pricing – Product Pricing allows Stored XSS. This issue affects WooCommerce Pricing – Product Pricing: from n/a through 1.0.9.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 23rd, 2025 (4 months ago)
|
|
CVE-2025-22631 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vbout Marketing Automation allows Reflected XSS. This issue affects Marketing Automation: from n/a through 1.2.6.8.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 23rd, 2025 (4 months ago)
|
|
CVE-2024-13728 |
Description: The Accept Donations with PayPal & Stripe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the rf parameter in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVSS: MEDIUM (6.1) EPSS Score: 0.06%
February 23rd, 2025 (4 months ago)
|
|
CVE-2025-27012 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo allows Privilege Escalation. This issue affects A1POST.BG Shipping for Woo: from n/a through 1.5.1.
CVSS: HIGH (8.8) EPSS Score: 0.02%
February 22nd, 2025 (4 months ago)
|
|
CVE-2025-26973 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WarfarePlugins Social Warfare allows DOM-Based XSS. This issue affects Social Warfare: from n/a through 4.5.4.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
February 22nd, 2025 (4 months ago)
|
|
CVE-2025-26776 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro allows Upload a Web Shell to a Web Server. This issue affects Chaty Pro: from n/a through 3.3.3.
CVSS: CRITICAL (10.0) EPSS Score: 0.05%
February 22nd, 2025 (4 months ago)
|
|
CVE-2025-26774 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rock Solid Responsive Modal Builder for High Conversion – Easy Popups allows Reflected XSS. This issue affects Responsive Modal Builder for High Conversion – Easy Popups: from n/a through 1.5.0.
CVSS: HIGH (7.1) EPSS Score: 0.03%
February 22nd, 2025 (4 months ago)
|
|
CVE-2025-26764 |
Description: Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Distance Based Shipping Calculator: from n/a through 2.0.22.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 22nd, 2025 (4 months ago)
|