CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-22683 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper NotificationX allows Stored XSS. This issue affects NotificationX: from n/a through 2.9.5.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-22682 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hesabfa Hesabfa Accounting allows Reflected XSS. This issue affects Hesabfa Accounting: from n/a through 2.1.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-22681 |
Description: Missing Authorization vulnerability in Xfinity Soft Content Cloner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Cloner: from n/a through 1.0.1.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-22679 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Job Board Manager allows Reflected XSS. This issue affects Job Board Manager: from n/a through 2.1.60.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-22677 |
Description: Missing Authorization vulnerability in UIUX Lab Uix Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uix Shortcodes: from n/a through 2.0.3.
CVSS: MEDIUM (4.8) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-22292 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Felipe Peixoto Powerful Auto Chat allows Stored XSS. This issue affects Powerful Auto Chat: from n/a through 1.9.8.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-22260 |
Description: Missing Authorization vulnerability in Pixelite Meta Tag Manager. This issue affects Meta Tag Manager: from n/a through 3.1.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2024-50500 |
Description: Missing Authorization vulnerability in By Averta Shortcodes and extra features for Phlox theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.2.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2024-43333 |
Description: Incorrect Privilege Assignment vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Privilege Escalation. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.2.1.
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2024-13651 |
Description: The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset some of the plugin's settings.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
February 4th, 2025 (5 months ago)
|