CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-22701	WordPress Traveler Layout Essential For Elementor plugin <= 1.0.8 - Server Side Request Forgery (SSRF) vulnerability Description: Server-Side Request Forgery (SSRF) vulnerability in NotFound Traveler Layout Essential For Elementor. This issue affects Traveler Layout Essential For Elementor: from n/a through 1.0.8. CVSS: MEDIUM (5.4) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2025-22695	WordPress Nirweb support plugin <= 3.0.3 - Broken Access Control vulnerability Description: Authorization Bypass Through User-Controlled Key vulnerability in NirWp Team Nirweb support. This issue affects Nirweb support: from n/a through 3.0.3. CVSS: MEDIUM (4.3) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2025-22694	WordPress Hide Shipping Method For WooCommerce plugin <= 1.5.0 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in theDotstore Hide Shipping Method For WooCommerce. This issue affects Hide Shipping Method For WooCommerce: from n/a through 1.5.0. CVSS: MEDIUM (4.3) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2025-22693	WordPress Contest Gallery plugin <= 25.1.0 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery Contest Gallery allows SQL Injection. This issue affects Contest Gallery: from n/a through 25.1.0. CVSS: HIGH (7.6) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2025-22691	WordPress WP Travel plugin <= 10.1.0 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel allows SQL Injection. This issue affects WP Travel: from n/a through 10.1.0. CVSS: HIGH (7.6) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2025-22690	WordPress DigiTimber cPanel Integration plugin <= 1.4.6 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in DigiTimber DigiTimber cPanel Integration allows Stored XSS. This issue affects DigiTimber cPanel Integration: from n/a through 1.4.6. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2025-22688	WordPress Unlimited Page Sidebars plugin <= 0.2.6 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Ederson Peka Unlimited Page Sidebars allows Stored XSS. This issue affects Unlimited Page Sidebars: from n/a through 0.2.6. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2025-22686	WordPress CF7 Google Sheets Connector plugin <= 5.0.17 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in GSheetConnector CF7 Google Sheets Connector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 Google Sheets Connector: from n/a through 5.0.17. CVSS: MEDIUM (5.3) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2025-22685	WordPress Tags to Keywords plugin <= 1.0.1 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in CheGevara Tags to Keywords allows Stored XSS. This issue affects Tags to Keywords: from n/a through 1.0.1. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2025-22684	WordPress WP BASE Booking plugin <= 5.0.0 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hakan Ozevin WP BASE Booking allows Stored XSS. This issue affects WP BASE Booking: from n/a through 5.0.0. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)