CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-23978	WordPress FlashCounter plugin <= 1.1.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Ninos Ego FlashCounter allows Stored XSS. This issue affects FlashCounter: from n/a through 1.1.8. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2025-23977	WordPress Post Carousel Slider plugin <= 2.0.1 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Bhaskar Dhote Post Carousel Slider allows Stored XSS. This issue affects Post Carousel Slider: from n/a through 2.0.1. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2025-23976	WordPress Issuu Panel plugin <= 2.1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Pedro Marcelo Issuu Panel allows Stored XSS. This issue affects Issuu Panel: from n/a through 2.1.1. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2025-23759	WordPress Affiliate Tools Việt Nam plugin <= 0.3.17 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in leduchuy89vn Affiliate Tools Việt Nam allows Reflected XSS. This issue affects Affiliate Tools Việt Nam: from n/a through 0.3.17. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2025-23671	WordPress WP OpenSearch plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fabio Savina WP OpenSearch allows Stored XSS. This issue affects WP OpenSearch: from n/a through 1.0. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2025-23596	WordPress Notifikácie.sk plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Notifikacie.sk Notifikácie.sk allows Reflected XSS. This issue affects Notifikácie.sk: from n/a through 1.0. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2025-22757	WordPress CodeBard Help Desk plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard CodeBard Help Desk allows Stored XSS. This issue affects CodeBard Help Desk: from n/a through 1.1.2. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2025-22720	WordPress WpRently \| WordPress plugin plugin <= 2.2.1 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in MagePeople Team Booking and Rental Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking and Rental Manager: from n/a through 2.2.1. CVSS: MEDIUM (5.8) EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2025-22564	WordPress Pretty Url Plugin <= 1.5.4 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Faaiq Pretty Url allows Reflected XSS. This issue affects Pretty Url: from n/a through 1.5.4. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2025-22341	WordPress Hide Login+ plugin <= 3.5.1 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohammad Hossein Aghanabi Hide Login+ allows Reflected XSS. This issue affects Hide Login+: from n/a through 3.5.1. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)