CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-25147	WordPress Auto SEO plugin <= 2.5.6 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Phillip.Gooch Auto SEO allows Stored XSS. This issue affects Auto SEO: from n/a through 2.5.6. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25146	WordPress Songkick Concerts and Festivals plugin <= 0.9.7 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in saleandro Songkick Concerts and Festivals allows Cross Site Request Forgery. This issue affects Songkick Concerts and Festivals: from n/a through 0.9.7. CVSS: MEDIUM (4.3) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25145	WordPress Infusionsoft Analytics Plugin <= 2.0 - Cross-Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in jordan.hatch Infusionsoft Analytics allows Cross Site Request Forgery. This issue affects Infusionsoft Analytics: from n/a through 2.0. CVSS: MEDIUM (5.4) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25144	WordPress Theasys plugin <= 1.0.1 - CSRF to Stored XSS vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in theasys Theasys allows Stored XSS. This issue affects Theasys: from n/a through 1.0.1. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25143	WordPress GlobalQuran Plugin <= 1.0 - CSRF to Settings Change vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in ibasit GlobalQuran allows Cross Site Request Forgery. This issue affects GlobalQuran: from n/a through 1.0. CVSS: MEDIUM (4.3) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25141	WordPress Fami Sales Popup plugin <= 2.0.0 - Local File Inclusion vulnerability Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zankover Fami Sales Popup allows PHP Local File Inclusion. This issue affects Fami Sales Popup: from n/a through 2.0.0. CVSS: HIGH (7.5) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25140	WordPress Simple User Profile plugin <= 1.9 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Simple User Profile allows Stored XSS. This issue affects Simple User Profile: from n/a through 1.9. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25139	WordPress WP Custom Post RSS Feed plugin <= 1.0.0 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Cynob IT Consultancy WP Custom Post RSS Feed allows Stored XSS. This issue affects WP Custom Post RSS Feed: from n/a through 1.0.0. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25138	WordPress On Page SEO + Social Live Chat (Formerly OPS) plugin <= 2.0.0 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Rishi On Page SEO + Whatsapp Chat Button allows Stored XSS. This issue affects On Page SEO + Whatsapp Chat Button: from n/a through 2.0.0. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25136	WordPress Optimate Ads plugin <= 1.0.3 - Cross-Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shujahat21 Optimate Ads allows Stored XSS. This issue affects Optimate Ads: from n/a through 1.0.3. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)