CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2025-5239

Description: The Domain For Sale plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class_name’ parameter in all versions up to, and including, 3.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-49077

Description: Cross-Site Request Forgery (CSRF) vulnerability in ThemeHigh Dynamic Pricing and Discount Rules allows Cross Site Request Forgery.This issue affects Dynamic Pricing and Discount Rules: from n/a through 2.2.9.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-49076

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Innovations The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 6.2.7.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-49075

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Wishlist allows Stored XSS.This issue affects Wishlist: from n/a through 1.0.43.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-49074

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemesGrove WidgetKit allows Stored XSS.This issue affects WidgetKit: from n/a through 2.5.4.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-49068

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OceanWP Ocean Extra allows Stored XSS.This issue affects Ocean Extra: from n/a through 2.4.8.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-49067

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NasaTheme Nasa Core allows Stored XSS.This issue affects Nasa Core: from n/a before 6.4.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-48337

Description: Missing Authorization vulnerability in QuickcabWP QuickCab.This issue affects QuickCab: from n/a through 1.3.3.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-48335

Description: Missing Authorization vulnerability in CyberChimps Responsive Plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Plus: from n/a through 3.2.0.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-48329

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daman Jeet Real Time Validation for Gravity Forms allows Reflected XSS.This issue affects Real Time Validation for Gravity Forms: from n/a through 1.7.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
June 6th, 2025 (about 1 month ago)