CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-25077 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dugbug Easy Chart Builder for WordPress allows Stored XSS. This issue affects Easy Chart Builder for WordPress: from n/a through 1.3.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25076 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicholaswilson Graceful Email Obfuscation allows Stored XSS. This issue affects Graceful Email Obfuscation: from n/a through 0.2.2.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25075 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Show notice or message on admin area allows Stored XSS. This issue affects Show notice or message on admin area: from n/a through 2.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25074 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Nirmal Kumar Ram WP Social Stream allows Stored XSS. This issue affects WP Social Stream: from n/a through 1.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25073 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vasilis Triantafyllou Easy WP Tiles allows Stored XSS. This issue affects Easy WP Tiles: from n/a through 1.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25072 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in thunderbax WP Admin Custom Page allows Stored XSS. This issue affects WP Admin Custom Page: from n/a through 1.5.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25071 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in topplugins Vignette Ads allows Stored XSS. This issue affects Vignette Ads: from n/a through 0.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-1061 |
Description: The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
CVSS: CRITICAL (9.8) EPSS Score: 0.06%
February 8th, 2025 (5 months ago)
|
|
CVE-2024-9664 |
Description: The WP All Import Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7 via deserialization of untrusted input from an import file. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
CVSS: HIGH (7.2) EPSS Score: 0.05%
February 8th, 2025 (5 months ago)
|
|
CVE-2024-9661 |
Description: The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the delete_and_edit function. This makes it possible for unauthenticated attackers to delete imported content (posts, comments, users, etc.) via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|