CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-13627	WP Touch Slider <= 2.2 - Reflected XSS Description: The OWL Carousel Slider WordPress plugin through 2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. CVSS: MEDIUM (4.7) EPSS Score: 0.05% Source: CVE February 18th, 2025 (4 months ago)
CVE-2024-13626	VR Frases <= 3.0.1 - Reflected XSS Description: The VR-Frases (collect & share quotes) WordPress plugin through 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 18th, 2025 (4 months ago)
CVE-2024-13625	Tube Video Ads Lite <= 1.5.7 - Reflected XSS Description: The Tube Video Ads Lite WordPress plugin through 1.5.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 18th, 2025 (4 months ago)
CVE-2024-13608	Track Logins <= 1.0 - Admin+ SQL Injection Description: The Track Logins WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks CVSS: MEDIUM (4.7) EPSS Score: 0.03% Source: CVE February 18th, 2025 (4 months ago)
CVE-2024-13603	Wise Forms <= 1.2.0 - Unauthenticated Stored XSS Description: The Wise Forms WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks via malicious form submissions. EPSS Score: 0.03% Source: CVE February 18th, 2025 (4 months ago)
CVE-2025-26779	WordPress Keep Backup Daily plugin <= 2.1.0 - Arbitrary File Download vulnerability Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fahad Mahmood Keep Backup Daily allows Path Traversal. This issue affects Keep Backup Daily: from n/a through 2.1.0. CVSS: MEDIUM (4.9) EPSS Score: 0.04% Source: CVE February 17th, 2025 (4 months ago)
CVE-2025-26768	WordPress what3words Address Field plugin <= 4.0.15 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in what3words what3words Address Field allows Stored XSS. This issue affects what3words Address Field: from n/a through 4.0.15. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 17th, 2025 (4 months ago)
CVE-2025-26767	WordPress Qubely – Advanced Gutenberg Blocks plugin <= 1.8.12 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely – Advanced Gutenberg Blocks allows Stored XSS. This issue affects Qubely – Advanced Gutenberg Blocks: from n/a through 1.8.12. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE February 17th, 2025 (4 months ago)
CVE-2025-26766	WordPress Leyka plugin <= 3.31.8 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VaultDweller Leyka allows Stored XSS. This issue affects Leyka: from n/a through 3.31.8. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE February 17th, 2025 (4 months ago)
CVE-2025-26765	WordPress Distance Based Shipping Calculator plugin <= 2.0.22 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Distance Based Shipping Calculator: from n/a through 2.0.22. CVSS: MEDIUM (5.4) EPSS Score: 0.04% Source: CVE February 17th, 2025 (4 months ago)