CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-24650 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows Upload a Web Shell to a Web Server. This issue affects Tourfic: from n/a through 2.15.3.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
|
CVE-2025-24649 |
Description: Missing Authorization vulnerability in wpase.com Admin and Site Enhancements (ASE) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE): from n/a through 7.6.2.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
|
CVE-2025-24647 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in datafeedr.com WooCommerce Cloak Affiliate Links allows Cross Site Request Forgery. This issue affects WooCommerce Cloak Affiliate Links: from n/a through 1.0.35.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
|
CVE-2025-24644 |
WordPress WooCommerce PDF Invoices plugin <= 4.7.1 - Stored Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Stored XSS. This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.7.1.
CVSS: MEDIUM (5.9) EPSS Score: 0.05%
January 25th, 2025 (5 months ago)
|
|
CVE-2025-24638 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pete Dring Create with Code allows DOM-Based XSS. This issue affects Create with Code: from n/a through 1.4.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
|
CVE-2025-24636 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Laymance Technologies LLC MachForm Shortcode allows Stored XSS. This issue affects MachForm Shortcode: from n/a through 1.4.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
|
CVE-2025-24634 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Svetoslav Marinov (Slavi) Orbisius Simple Notice allows Stored XSS. This issue affects Orbisius Simple Notice: from n/a through 1.1.3.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
|
CVE-2025-24633 |
Description: Missing Authorization vulnerability in silverplugins217 Build Private Store For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Build Private Store For Woocommerce: from n/a through 1.0.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
|
CVE-2025-24627 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Linnea Huxford, LinSoftware Blur Text allows Stored XSS. This issue affects Blur Text: from n/a through 1.0.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
|
CVE-2025-24625 |
Description: Missing Authorization vulnerability in Marco Almeida | Webdados Taxonomy/Term and Role based Discounts for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxonomy/Term and Role based Discounts for WooCommerce: from n/a through 5.1.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|