CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-22657
WordPress Atarim plugin <= 4.0.9 - Arbitrary Content Deletion vulnerability
Description: Missing Authorization vulnerability in Vito Peleg Atarim allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Atarim: from n/a through 4.0.9.

CVSS: HIGH (7.5)

EPSS Score: 0.06%

Source: CVE
February 19th, 2025 (4 months ago)

CVE-2025-22656
WordPress Cookie Monster Plugin <= 1.2.2 - Local File Inclusion vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Oscar Alvarez Cookie Monster allows PHP Local File Inclusion. This issue affects Cookie Monster: from n/a through 1.2.2.

CVSS: HIGH (8.1)

EPSS Score: 0.14%

Source: CVE
February 19th, 2025 (4 months ago)

CVE-2025-22654
WordPress Simplified Plugin Plugin <= 1.0.6 - Arbitrary File Upload vulnerability
Description: Unrestricted Upload of File with Dangerous Type vulnerability in kodeshpa Simplified allows Using Malicious Files. This issue affects Simplified: from n/a through 1.0.6.

CVSS: CRITICAL (10.0)

EPSS Score: 1.24%

Source: CVE
February 19th, 2025 (4 months ago)

CVE-2025-22650
WordPress Smartarget.online Integration plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Erez Hadas-Sonnenschein Smartarget allows Stored XSS. This issue affects Smartarget: from n/a through 1.4.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
February 19th, 2025 (4 months ago)

CVE-2025-22645
WordPress Real Estate Manager – Property Listing and Agent Management plugin <= 7.3 - Captcha Bypass Vulnerability vulnerability
Description: Improper Restriction of Excessive Authentication Attempts vulnerability in Rameez Iqbal Real Estate Manager allows Password Brute Forcing. This issue affects Real Estate Manager: from n/a through 7.3.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE
February 19th, 2025 (4 months ago)

CVE-2025-22639
WordPress Distance Rate Shipping for WooCommerce plugin <= 1.3.4 - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Distance Rate Shipping for WooCommerce allows Blind SQL Injection. This issue affects Distance Rate Shipping for WooCommerce: from n/a through 1.3.4.

CVSS: HIGH (8.5)

EPSS Score: 0.04%

Source: CVE
February 19th, 2025 (4 months ago)

CVE-2025-0864
Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.6 - Reflected Cross-Site Scripting
Description: The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodes_set' parameter in all versions up to, and including, 1.0.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS: MEDIUM (6.1)

EPSS Score: 0.08%

Source: CVE
February 19th, 2025 (4 months ago)

CVE-2025-0817
FormCraft - Premium WordPress Form Builder <= 3.9.11 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload
Description: The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

CVSS: HIGH (7.2)

EPSS Score: 0.11%

Source: CVE
February 19th, 2025 (4 months ago)

CVE-2025-0805
Mortgage Calculator / Loan Calculator <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description: The Mortgage Calculator / Loan Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mlcalc' shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.03%

Source: CVE
February 19th, 2025 (4 months ago)

CVE-2025-0796
Mortgage Lead Capture System <= 8.2.10 - Cross-Site Request Forgery to Settings Reset
Description: The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.10. This is due to missing or incorrect nonce validation on the 'wprequal_reset_defaults' action. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS: MEDIUM (4.3)

EPSS Score: 0.01%

Source: CVE
February 19th, 2025 (4 months ago)