Threat and Vulnerability Intelligence Database

CVE-2024-12041

Description: The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.0.12 via the /wp-json/directorist/v1/users/ endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, email addresses, names, and more information about users.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE
February 2nd, 2025 (5 months ago)

CVE-2024-11829

Description: The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Widget's searchable_label parameter in all versions up to, and including, 6.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.06%

Source: CVE
February 2nd, 2025 (5 months ago)

CVE-2025-24749

Description: Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solutions LTD EZPZ SAML SP Single Sign On (SSO) allows Cross Site Request Forgery. This issue affects EZPZ SAML SP Single Sign On (SSO): from n/a through 1.2.5.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 1st, 2025 (5 months ago)

CVE-2025-24718

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SWIT WP Sessions Time Monitoring Full Automatic allows Reflected XSS. This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through 1.1.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 1st, 2025 (5 months ago)

CVE-2025-24710

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcel Pol Gwolle Guestbook allows Reflected XSS. This issue affects Gwolle Guestbook: from n/a through 4.7.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 1st, 2025 (5 months ago)

CVE-2025-24686

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss User Registration Forms RegistrationMagic allows Reflected XSS. This issue affects RegistrationMagic: from n/a through 6.0.3.3.

CVSS: HIGH (7.1)

EPSS Score: 0.05%

Source: CVE
February 1st, 2025 (5 months ago)

CVE-2025-24635

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paytm Paytm Payment Donation allows Reflected XSS. This issue affects Paytm Payment Donation: from n/a through 2.3.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 1st, 2025 (5 months ago)

CVE-2025-24632

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce allows Reflected XSS. This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.9.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 1st, 2025 (5 months ago)

CVE-2025-24609

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PortOne PORTONE 우커머스 결제 allows Reflected XSS. This issue affects PORTONE 우커머스 결제: from n/a through 3.2.4.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 1st, 2025 (5 months ago)

CVE-2025-24608

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Mail Queue allows Reflected XSS. This issue affects GD Mail Queue: from n/a through 4.3.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 1st, 2025 (5 months ago)