CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-25135	WordPress Custom Links On Admin Dashboard Toolbar plugin <= 3.3 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Victor Barkalov Custom Links On Admin Dashboard Toolbar allows Stored XSS. This issue affects Custom Links On Admin Dashboard Toolbar: from n/a through 3.3. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25128	WordPress Facilita Form Tracker plugin <= 1.0 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in orlandolac Facilita Form Tracker allows Stored XSS. This issue affects Facilita Form Tracker: from n/a through 1.0. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25126	WordPress ZMSEO plugin <= 1.14.1 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in zmseo ZMSEO allows Stored XSS. This issue affects ZMSEO: from n/a through 1.14.1. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25125	WordPress Fyrebox Quizzes plugin <= 2.7 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in CyrilG Fyrebox Quizzes allows Stored XSS. This issue affects Fyrebox Quizzes: from n/a through 2.7. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25123	WordPress Easy Related Posts plugin <= 2.0.2 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in xdark Easy Related Posts allows Stored XSS. This issue affects Easy Related Posts: from n/a through 2.0.2. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25120	WordPress Slide Banners plugin <= 1.3 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in Melodic Media Slide Banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slide Banners: from n/a through 1.3. CVSS: MEDIUM (4.3) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25117	WordPress Smart Countdown FX plugin <= 1.5.5 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Polonski Smart Countdown FX allows Stored XSS. This issue affects Smart Countdown FX: from n/a through 1.5.5. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25116	WordPress Link to URL / Post plugin <=1.3 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sudipto Link to URL / Post allows Blind SQL Injection. This issue affects Link to URL / Post: from n/a through 1.3. CVSS: HIGH (7.6) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25111	WordPress WP Spell Check Plugin <= 9.21 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check WP Spell Check allows Cross Site Request Forgery. This issue affects WP Spell Check: from n/a through 9.21. CVSS: MEDIUM (5.4) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)
CVE-2025-25110	WordPress Event Kikfyre plugin <= 2.1.8 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in Metagauss Event Kikfyre allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Event Kikfyre: from n/a through 2.1.8. CVSS: MEDIUM (5.4) EPSS Score: 0.04% Source: CVE February 8th, 2025 (5 months ago)