CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-23622 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound CBX Accounting & Bookkeeping allows Reflected XSS. This issue affects CBX Accounting & Bookkeeping: from n/a through 1.3.14.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-23621 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Causes – Donation Plugin allows Reflected XSS. This issue affects Causes – Donation Plugin: from n/a through 1.0.01.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-23574 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Lau CubePM allows Reflected XSS. This issue affects CubePM: from n/a through 1.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-23531 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David F. Carr RSVPMaker Volunteer Roles allows Reflected XSS. This issue affects RSVPMaker Volunteer Roles: from n/a through 1.5.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-23529 |
Description: Missing Authorization vulnerability in Blokhaus Minterpress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Minterpress: from n/a through 1.0.5.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-23522 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in humanmade limited, Joe Hoyle, Tom Wilmott, Matthew Haines-Young HM Portfolio allows Reflected XSS. This issue affects HM Portfolio: from n/a through 1.1.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-23457 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Clodeo Shipdeo allows Reflected XSS. This issue affects Shipdeo: from n/a through 1.2.8.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-22513 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Simple Locator allows Reflected XSS. This issue affects Simple Locator: from n/a through 2.0.4.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-0357 |
Description: The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-0350 |
Description: The Divi Carousel Maker – Image, Logo, Testimonial, Post Carousel & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Carousel and Logo Carousel in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
January 28th, 2025 (5 months ago)
|