CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-49435	WordPress Wp Easy Allopass <= 4.1.1 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Hasina77 Wp Easy Allopass allows Cross Site Request Forgery. This issue affects Wp Easy Allopass: from n/a through 4.1.1. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE June 6th, 2025 (28 days ago)
CVE-2025-49429	WordPress Video Embeds <= 0.1.1 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Burnette Video Embeds allows Stored XSS. This issue affects Video Embeds: from n/a through 0.1.1. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE June 6th, 2025 (28 days ago)
CVE-2025-49427	WordPress Abbie Expander <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Burnette Abbie Expander allows Stored XSS. This issue affects Abbie Expander: from n/a through 1.0.1. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE June 6th, 2025 (28 days ago)
CVE-2025-49425	WordPress Konami Easter Egg <= v0.4 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Adrian Hanft Konami Easter Egg allows Stored XSS. This issue affects Konami Easter Egg: from n/a through v0.4. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE June 6th, 2025 (28 days ago)
CVE-2025-49421	WordPress WP Text Expander <= 1.0.1 - SQL Injection Vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andrei Filonov WP Text Expander allows SQL Injection. This issue affects WP Text Expander: from n/a through 1.0.1. CVSS: HIGH (7.6) EPSS Score: 0.04% Source: CVE June 6th, 2025 (28 days ago)
CVE-2025-49419	WordPress Foxit eSign for WordPress <= 2.0.3 - Other Vulnerability Type Vulnerability Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress allows Retrieve Embedded Sensitive Data. This issue affects Foxit eSign for WordPress: from n/a through 2.0.3. CVSS: MEDIUM (5.5) EPSS Score: 0.04% Source: CVE June 6th, 2025 (28 days ago)
CVE-2025-49333	WordPress Simple Membership <= 4.6.3 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wp.insider Simple Membership allows Stored XSS. This issue affects Simple Membership: from n/a through 4.6.3. CVSS: MEDIUM (5.9) EPSS Score: 0.03% Source: CVE June 6th, 2025 (28 days ago)
CVE-2025-49332	WordPress WP Time Slots Booking Form <= 1.2.30 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in codepeople WP Time Slots Booking Form allows Cross Site Request Forgery. This issue affects WP Time Slots Booking Form: from n/a through 1.2.30. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE June 6th, 2025 (28 days ago)
CVE-2025-49329	WordPress Store Locator WordPress <= 1.5.2 - Arbitrary File Upload Vulnerability Description: Unrestricted Upload of File with Dangerous Type vulnerability in Agile Logix Store Locator WordPress allows Upload a Web Shell to a Web Server. This issue affects Store Locator WordPress: from n/a through 1.5.2. CVSS: MEDIUM (6.6) EPSS Score: 0.05% Source: CVE June 6th, 2025 (28 days ago)
CVE-2025-49328	WordPress Store Locator WordPress <= 1.5.1 - SQL Injection Vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress allows SQL Injection. This issue affects Store Locator WordPress: from n/a through 1.5.1. CVSS: HIGH (7.6) EPSS Score: 0.04% Source: CVE June 6th, 2025 (28 days ago)