CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-26766
WordPress Leyka plugin <= 3.31.8 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VaultDweller Leyka allows Stored XSS. This issue affects Leyka: from n/a through 3.31.8.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
February 17th, 2025 (4 months ago)

CVE-2025-26765
WordPress Distance Based Shipping Calculator plugin <= 2.0.22 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Distance Based Shipping Calculator: from n/a through 2.0.22.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
February 17th, 2025 (4 months ago)

CVE-2025-26761
WordPress Easy Elementor Addons plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Easy Elementor Addons allows DOM-Based XSS. This issue affects Easy Elementor Addons: from n/a through 2.1.5.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
February 17th, 2025 (4 months ago)

CVE-2025-26759
WordPress Content Snippet Manager plugin <= 1.1.5 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in alexvtn Content Snippet Manager allows Stored XSS. This issue affects Content Snippet Manager: from n/a through 1.1.5.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 17th, 2025 (4 months ago)

CVE-2025-26755
WordPress WP Airbnb Review Slider Plugin <= 3.9 - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jgwhite33 WP Airbnb Review Slider allows Blind SQL Injection. This issue affects WP Airbnb Review Slider: from n/a through 3.9.

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE
February 17th, 2025 (4 months ago)

CVE-2025-23975
WordPress Botnet Attack Blocker plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Botnet Attack Blocker allows Stored XSS. This issue affects Botnet Attack Blocker: from n/a through 2.0.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
February 17th, 2025 (4 months ago)

CVE-2025-22689
WordPress Forex Calculators plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Levan Tarbor Forex Calculators allows Stored XSS. This issue affects Forex Calculators: from n/a through 1.3.6.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
February 17th, 2025 (4 months ago)

CVE-2025-22680
WordPress Ad Inserter Pro plugin <= 2.7.39 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Ad Inserter Pro allows Reflected XSS. This issue affects Ad Inserter Pro: from n/a through 2.7.39.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 17th, 2025 (4 months ago)

CVE-2025-22676
WordPress Upcasted S3 Offload plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in upcasted AWS S3 for WordPress Plugin – Upcasted allows Stored XSS. This issue affects AWS S3 for WordPress Plugin – Upcasted: from n/a through 3.0.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
February 17th, 2025 (4 months ago)

CVE-2025-22291
WordPress LTL Freight Quotes – Worldwide Express Edition plugin <= 5.0.20 - Arbitrary Content Deletion vulnerability
Description: Missing Authorization vulnerability in enituretechnology LTL Freight Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.0.20.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
February 17th, 2025 (4 months ago)