CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-24560	WordPress Awesome Event Booking plugin <= 2.7.1 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Awesome TOGI Awesome Event Booking allows Reflected XSS. This issue affects Awesome Event Booking: from n/a through 2.7.1. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2025-24551	WordPress Radio Buttons and Swatches for WooCommerce plugin <= 1.1.20 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OneTeamSoftware Radio Buttons and Swatches for WooCommerce allows Reflected XSS. This issue affects Radio Buttons and Swatches for WooCommerce: from n/a through 1.1.20. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2025-24549	WordPress Post Meta plugin <= 1.0.9 - Reflected Cross Site Scripting (XSS) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Mahbubur Rahman Post Meta allows Reflected XSS. This issue affects Post Meta: from n/a through 1.0.9. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2025-24535	WordPress SKT Donation plugin <= 1.9 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes SKT Donation allows Reflected XSS. This issue affects SKT Donation: from n/a through 1.9. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2025-24534	WordPress DPortfolio plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emili Castells DPortfolio allows Reflected XSS. This issue affects DPortfolio: from n/a through 2.0. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2025-23990	WordPress Scroll Styler plugin <= 1.1 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in jablonczay Scroll Styler. This issue affects Scroll Styler: from n/a through 1.1. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2025-23989	WordPress Internal Link Builder plugin <= 1.0 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi - SabLab Internal Link Builder allows Cross Site Request Forgery. This issue affects Internal Link Builder: from n/a through 1.0. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2025-23987	WordPress Designer plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodegearThemes Designer allows DOM-Based XSS. This issue affects Designer: from n/a through 1.6.0. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2025-23985	WordPress Dynamic URL SEO plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Brainvireinfo Dynamic URL SEO allows Cross Site Request Forgery. This issue affects Dynamic URL SEO: from n/a through 1.0. CVSS: MEDIUM (5.4) EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2025-23980	WordPress Full Circle plugin <= 0.5.7.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in James Andrews Full Circle allows Stored XSS. This issue affects Full Circle: from n/a through 0.5.7.8. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)