CyberAlerts

CVE-2025-39438

WordPress Theme Changer plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in momen2009 Theme Changer allows Cross Site Request Forgery. This issue affects Theme Changer: from n/a through 1.3.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE

April 17th, 2025 (1 day ago)

CVE-2025-39437

WordPress Anthologize plugin <= 0.8.3 - Cross Site Request Forgery (CSRF) vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Boone Gorges Anthologize allows Cross Site Request Forgery. This issue affects Anthologize: from n/a through 0.8.3.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE

April 17th, 2025 (1 day ago)

CVE-2025-39436

WordPress I Draw <= 1.0 - Arbitrary File Upload Vulnerability

Description: Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw allows Using Malicious Files. This issue affects I Draw: from n/a through 1.0.

CVSS: CRITICAL (9.1)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE

April 17th, 2025 (1 day ago)

CVE-2025-39435

WordPress My Marginalia plugin <= 1.0.6 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in davidfcarr My Marginalia allows Stored XSS. This issue affects My Marginalia: from n/a through 1.0.6.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE

April 17th, 2025 (1 day ago)

CVE-2025-39434

WordPress Avatar plugin <= 0.1.4 - Insecure Direct Object References (IDOR) vulnerability

Description: Authorization Bypass Through User-Controlled Key vulnerability in Scott Taylor Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Avatar: from n/a through 0.1.4.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE

April 17th, 2025 (1 day ago)

CVE-2025-39433

WordPress Bknewsticker plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in beke_ro Bknewsticker allows Stored XSS. This issue affects Bknewsticker: from n/a through 1.0.5.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE

April 17th, 2025 (1 day ago)

CVE-2025-39432

WordPress bbPress2 shortcode whitelist plugin <= 2.2.1 - CSRF to XSS vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antonchanning bbPress2 shortcode whitelist allows Stored XSS. This issue affects bbPress2 shortcode whitelist: from n/a through 2.2.1.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE

April 17th, 2025 (1 day ago)

CVE-2025-39431

WordPress Amazon Showcase WordPress Plugin plugin <= 2.2 - CSRF to XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Aaron Forgue Amazon Showcase WordPress Plugin allows Stored XSS. This issue affects Amazon Showcase WordPress Plugin: from n/a through 2.2.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE

April 17th, 2025 (1 day ago)

CVE-2025-39430

WordPress mLanguage plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Alexander Rauscha mLanguage allows Stored XSS. This issue affects mLanguage: from n/a through 1.6.1.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE

April 17th, 2025 (1 day ago)

CVE-2025-39429

WordPress Széchenyi 2020 Logo <= 1.1 - Local File Inclusion Vulnerability

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Földesi, Mihály Széchenyi 2020 Logo allows PHP Local File Inclusion. This issue affects Széchenyi 2020 Logo: from n/a through 1.1.

CVSS: HIGH (7.5)

EPSS Score: 0.1%

SSVC Exploitation: none

Source: CVE

April 17th, 2025 (1 day ago)

Threat and Vulnerability Intelligence Database

Example Searches: