CyberAlerts

CVE-2025-31012

WordPress Age Gate <= 3.5.4 - Broken Access Control Vulnerability

Description: Missing Authorization vulnerability in Phil Age Gate allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Age Gate: from n/a through 3.5.4.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE

April 9th, 2025 (13 days ago)

CVE-2025-31009

WordPress IndieBlocks <= 0.13.1 - Server Side Request Forgery (SSRF) Vulnerability

Description: Server-Side Request Forgery (SSRF) vulnerability in Jan Boddez IndieBlocks allows Server Side Request Forgery. This issue affects IndieBlocks: from n/a through 0.13.1.

CVSS: MEDIUM (5.4)

EPSS Score: 0.03%

Source: CVE

April 9th, 2025 (13 days ago)

CVE-2025-31008

WordPress YouTube Embed <= 5.3.1 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YouTube Embed Plugin Support YouTube Embed allows Stored XSS. This issue affects YouTube Embed: from n/a through 5.3.1.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE

April 9th, 2025 (13 days ago)

CVE-2025-31005

WordPress Easyfonts plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Uzair Easyfonts allows Cross Site Request Forgery. This issue affects Easyfonts: from n/a through 1.1.2.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE

April 9th, 2025 (13 days ago)

CVE-2025-31004

WordPress Rich Table of Contents plugin <= 1.4.0 - Broken Access Control vulnerability

Description: Missing Authorization vulnerability in Croover.inc Rich Table of Contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rich Table of Contents: from n/a through 1.4.0.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE

April 9th, 2025 (13 days ago)

CVE-2025-31003

WordPress Squeeze plugin <= 1.6 - Full Path Disclosure (FPD) vulnerability

Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bogdan Bendziukov Squeeze allows Retrieve Embedded Sensitive Data. This issue affects Squeeze: from n/a through 1.6.

CVSS: LOW (2.7)

EPSS Score: 0.03%

Source: CVE

April 9th, 2025 (13 days ago)

CVE-2025-31002

WordPress Squeeze plugin <= 1.6 - Arbitrary File Upload vulnerability

Description: Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Using Malicious Files. This issue affects Squeeze: from n/a through 1.6.

CVSS: CRITICAL (9.1)

EPSS Score: 0.05%

Source: CVE

April 9th, 2025 (13 days ago)

CVE-2024-8243

Plugin Upgrade Time Out <= 1.0 - Stored XSS via CSRF

Description: The WordPress/Plugin Upgrade Time Out Plugin WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

EPSS Score: 0.03%

Source: CVE

April 9th, 2025 (13 days ago)

CVE-2024-6860

WP MultiTasking <= 0.1.12 - Permalink Suffix Update via CSRF

Description: The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack

EPSS Score: 0.03%

Source: CVE

April 9th, 2025 (13 days ago)

CVE-2024-6857

WP MultiTasking <= 0.1.12 - Header/Footer/Body Script Update via CSRF

Description: The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its Header, Footer and Body Script Settings, which could allow attackers to make logged admins perform such action via a CSRF attack

EPSS Score: 0.03%

Source: CVE

April 9th, 2025 (13 days ago)

Threat and Vulnerability Intelligence Database

Example Searches: