CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-22290 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology LTL Freight Quotes – FreightQuote Edition allows SQL Injection. This issue affects LTL Freight Quotes – FreightQuote Edition: from n/a through 2.3.11.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
February 17th, 2025 (4 months ago)
|
|
CVE-2025-22289 |
Description: Missing Authorization vulnerability in NotFound LTL Freight Quotes – Unishippers Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – Unishippers Edition: from n/a through 2.5.8.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 17th, 2025 (4 months ago)
|
|
CVE-2025-22286 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology LTL Freight Quotes – Worldwide Express Edition allows Reflected XSS. This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.0.21.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 17th, 2025 (4 months ago)
|
|
CVE-2025-22284 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology LTL Freight Quotes – Unishippers Edition allows Reflected XSS. This issue affects LTL Freight Quotes – Unishippers Edition: from n/a through 2.5.8.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 17th, 2025 (4 months ago)
|
|
CVE-2024-44044 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Oshine Modules allows Reflected XSS. This issue affects Oshine Modules: from n/a through n/a.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 17th, 2025 (4 months ago)
|
|
CVE-2025-1005 |
Description: The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion widget in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
February 16th, 2025 (4 months ago)
|
|
CVE-2025-0935 |
Description: The Media Library Folders plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on several AJAX actions in all versions up to, and including, 8.3.0. This makes it possible for authenticated attackers, with Author-level access and above, to change plugin settings related to things such as IP-blocking.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
February 16th, 2025 (4 months ago)
|
|
CVE-2025-0822 |
Description: Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
CVSS: MEDIUM (6.5) EPSS Score: 0.06%
February 16th, 2025 (4 months ago)
|
|
CVE-2024-13834 |
Description: The Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.4 via the 'remote_request' function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
CVSS: MEDIUM (5.4) EPSS Score: 0.05%
February 16th, 2025 (4 months ago)
|
|
CVE-2024-13752 |
Description: The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '/pm/v2/settings/notice' endpoint all versions up to, and including, 2.6.17. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cause a persistent denial of service condition.
CVSS: MEDIUM (6.5) EPSS Score: 0.07%
February 16th, 2025 (4 months ago)
|