CVE-2024-13487 |
Description: The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the get_products_price() function in all versions up to, and including, 2.2.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
CVSS: HIGH (7.3) EPSS Score: 0.05%
February 7th, 2025 (5 months ago)
|
CVE-2025-1028 |
Description: The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible in specific configurations where the first extension is processed over the final. This vulnerability also requires successfully exploiting a race condition in order to exploit.
CVSS: HIGH (8.1) EPSS Score: 0.09%
February 6th, 2025 (5 months ago)
|
CVE-2024-33542 |
Description: Authorization Bypass Through User-Controlled Key vulnerability in Fabio Rinaldi Crelly Slider. This issue affects Crelly Slider: from n/a through 1.4.5.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
February 6th, 2025 (5 months ago)
|
CVE-2024-13829 |
Description: The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.0.8 via the 'attachments.php' file. This makes it possible for unauthenticated attackers to extract sensitive data including files uploaded via forms.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
February 6th, 2025 (5 months ago)
|
CVE-2025-24677 |
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in WPSpins Post/Page Copying Tool allows Remote Code Inclusion. This issue affects Post/Page Copying Tool: from n/a through 2.0.3.
CVSS: CRITICAL (9.9) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
CVE-2025-24648 |
Description: Incorrect Privilege Assignment vulnerability in wpase.com Admin and Site Enhancements (ASE) allows Privilege Escalation. This issue affects Admin and Site Enhancements (ASE): from n/a through 7.6.2.1.
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
CVE-2025-24602 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP24 WP24 Domain Check allows Reflected XSS. This issue affects WP24 Domain Check: from n/a through 1.10.14.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
CVE-2025-24599 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS. This issue affects Newsletters: from n/a through 4.9.9.6.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
CVE-2025-24598 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.17.0.
CVSS: HIGH (7.1) EPSS Score: 0.05%
February 5th, 2025 (5 months ago)
|
CVE-2025-23645 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Optimize Worldwide Find Content IDs allows Reflected XSS. This issue affects Find Content IDs: from n/a through 1.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|