CVE-2025-23500 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Faaiq Ahmed, Technial Architect, [email protected] Simple Custom post type custom field allows Reflected XSS. This issue affects Simple Custom post type custom field: from n/a through 1.0.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 23rd, 2025 (5 months ago)
|
CVE-2025-23498 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Translation.Pro allows Reflected XSS. This issue affects Translation.Pro: from n/a through 1.0.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 23rd, 2025 (5 months ago)
|
CVE-2025-23495 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WooCommerce Order Search allows Reflected XSS. This issue affects WooCommerce Order Search: from n/a through 1.1.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 23rd, 2025 (5 months ago)
|
CVE-2025-23486 |
Description: Missing Authorization vulnerability in NotFound Database Sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Database Sync: from n/a through 0.5.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 23rd, 2025 (5 months ago)
|
CVE-2025-23475 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound History timeline allows Reflected XSS. This issue affects History timeline: from n/a through 0.7.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 23rd, 2025 (5 months ago)
|
CVE-2025-23462 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound FWD Slider allows Reflected XSS. This issue affects FWD Slider: from n/a through 1.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 23rd, 2025 (5 months ago)
|
CVE-2025-23449 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Simple shortcode buttons allows Reflected XSS. This issue affects Simple shortcode buttons: from n/a through 1.3.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 23rd, 2025 (5 months ago)
|
CVE-2025-22772 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Mapbox for WP Advanced allows Reflected XSS. This issue affects Mapbox for WP Advanced: from n/a through 1.0.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 23rd, 2025 (5 months ago)
|
CVE-2025-0429 |
Description: The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_ai_forms() function. This allows authenticated attackers, with administrative privileges, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
CVSS: HIGH (7.2) EPSS Score: 0.05%
January 23rd, 2025 (5 months ago)
|
CVE-2025-0428 |
Description: The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_prompts function. This allows authenticated attackers, with administrative privileges, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
CVSS: HIGH (7.2) EPSS Score: 0.05%
January 23rd, 2025 (5 months ago)
|