CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-22585	WordPress Ultimate Image Hover Effects plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themebon Ultimate Image Hover Effects allows DOM-Based XSS.This issue affects Ultimate Image Hover Effects: from n/a through 1.1.2. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE January 8th, 2025 (6 months ago)
CVE-2025-22584	WordPress Timeline Pro plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pluginspoint Timeline Pro allows DOM-Based XSS.This issue affects Timeline Pro: from n/a through 1.3. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE January 8th, 2025 (6 months ago)
CVE-2025-22582	WordPress Uptime Robot plugin <= 0.1.3 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Scott Nellé Uptime Robot allows Stored XSS.This issue affects Uptime Robot: from n/a through 0.1.3. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE January 8th, 2025 (6 months ago)
CVE-2025-22581	WordPress Arcade Ready plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bytephp Arcade Ready allows Stored XSS.This issue affects Arcade Ready: from n/a through 1.1. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE January 8th, 2025 (6 months ago)
CVE-2025-22580	WordPress Biltorvet Dealer Tools plugin <= 1.0.22 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biltorvet A/S Biltorvet Dealer Tools allows Stored XSS.This issue affects Biltorvet Dealer Tools: from n/a through 1.0.22. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE January 8th, 2025 (6 months ago)
CVE-2025-22579	WordPress WP Header Notification plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arefly WP Header Notification allows Stored XSS.This issue affects WP Header Notification: from n/a through 1.2.7. CVSS: MEDIUM (5.9) EPSS Score: 0.04% Source: CVE January 8th, 2025 (6 months ago)
CVE-2025-22578	WordPress WP Cookie plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AazzTech WP Cookie allows Stored XSS.This issue affects WP Cookie: from n/a through 1.0.0. CVSS: MEDIUM (5.9) EPSS Score: 0.04% Source: CVE January 8th, 2025 (6 months ago)
CVE-2025-22577	WordPress Able Player plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Damion Armentrout Able Player allows DOM-Based XSS.This issue affects Able Player: from n/a through 1.0. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE January 8th, 2025 (6 months ago)
CVE-2025-22574	WordPress ICS Button plugin <= 0.6 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Motacek ICS Button allows Stored XSS.This issue affects ICS Button: from n/a through 0.6. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE January 8th, 2025 (6 months ago)
CVE-2025-22573	WordPress Icons Enricher plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in copist Icons Enricher allows Stored XSS.This issue affects Icons Enricher: from n/a through 1.0.8. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE January 8th, 2025 (6 months ago)