CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-28995	WordPress Viral Loops WP Integration <= 3.8.1 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Loops WP Integration: from n/a through 3.8.1. CVSS: MEDIUM (5.3) EPSS Score: 0.04% Source: CVE June 6th, 2025 (24 days ago)
CVE-2025-28994	WordPress Viral Loops WP Integration <= 3.8.1 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Loops WP Integration: from n/a through 3.8.1. CVSS: MEDIUM (4.3) EPSS Score: 0.03% Source: CVE June 6th, 2025 (24 days ago)
CVE-2025-28989	WordPress Read More Login <= 2.0.3 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arildur Read More Login allows Stored XSS. This issue affects Read More Login: from n/a through 2.0.3. CVSS: MEDIUM (5.9) EPSS Score: 0.03% Source: CVE June 6th, 2025 (24 days ago)
CVE-2025-28986	WordPress Epicwin Plugin plugin <= 1.5 - CSRF to SQL Injection vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Webaholicson Epicwin Plugin allows SQL Injection. This issue affects Epicwin Plugin: from n/a through 1.5. CVSS: HIGH (8.2) EPSS Score: 0.02% Source: CVE June 6th, 2025 (24 days ago)
CVE-2025-28985	WordPress Elastic Email Subscribe Form <= 1.2.2 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in Elastic Email Elastic Email Subscribe Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elastic Email Subscribe Form: from n/a through 1.2.2. CVSS: MEDIUM (5.4) EPSS Score: 0.04% Source: CVE June 6th, 2025 (24 days ago)
CVE-2025-28984	WordPress Subscription Renewal Reminders for WooCommerce plugin <= 1.3.7 - Cross Site Request Forgery to Notice Dismissal vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in storepro Subscription Renewal Reminders for WooCommerce allows Cross Site Request Forgery. This issue affects Subscription Renewal Reminders for WooCommerce: from n/a through 1.3.7. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE June 6th, 2025 (24 days ago)
CVE-2025-28981	WordPress WP Mail Options plugin <= 0.2.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Soli WP Mail Options allows Stored XSS. This issue affects WP Mail Options: from n/a through 0.2.3. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE June 6th, 2025 (24 days ago)
CVE-2025-28974	WordPress Free WP Mail SMTP plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in mail250 Free WP Mail SMTP allows Stored XSS. This issue affects Free WP Mail SMTP: from n/a through 1.0. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE June 6th, 2025 (24 days ago)
CVE-2025-28966	WordPress Recent Posts Slider Responsive plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in dilemma123 Recent Posts Slider Responsive allows Stored XSS. This issue affects Recent Posts Slider Responsive: from n/a through 1.0.1. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE June 6th, 2025 (24 days ago)
CVE-2025-28964	WordPress Personal Favicon plugin <= 2.0 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in mangup Personal Favicon allows Stored XSS. This issue affects Personal Favicon: from n/a through 2.0. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE June 6th, 2025 (24 days ago)