CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-48136	WordPress Mortgage Calculator Estatik <= 2.0.12 - Local File Inclusion Vulnerability Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Estatik Mortgage Calculator Estatik allows PHP Local File Inclusion. This issue affects Mortgage Calculator Estatik: from n/a through 2.0.12. CVSS: HIGH (7.5) EPSS Score: 0.13% Source: CVE May 16th, 2025 (27 days ago)
CVE-2025-48135	WordPress Aptivada for WP <= 2.0.0 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aptivadadev Aptivada for WP allows DOM-Based XSS. This issue affects Aptivada for WP: from n/a through 2.0.0. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE May 16th, 2025 (27 days ago)
CVE-2025-48134	WordPress WP Tabs <= 2.2.11 - PHP Object Injection Vulnerability Description: Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs allows Object Injection. This issue affects WP Tabs: from n/a through 2.2.11. CVSS: HIGH (7.2) EPSS Score: 0.06% Source: CVE May 16th, 2025 (27 days ago)
CVE-2025-48132	WordPress X Addons for Elementor <= 1.0.14 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor allows Stored XSS. This issue affects X Addons for Elementor: from n/a through 1.0.14. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE May 16th, 2025 (27 days ago)
CVE-2025-48131	WordPress UltraAddons Elementor Lite <= 2.0.0 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiful Islam UltraAddons Elementor Lite allows Stored XSS. This issue affects UltraAddons Elementor Lite: from n/a through 2.0.0. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE May 16th, 2025 (27 days ago)
CVE-2025-48128	WordPress Sharespine Woocommerce Connector <= 4.7.55 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in Sharespine Sharespine Woocommerce Connector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sharespine Woocommerce Connector: from n/a through 4.7.55. CVSS: MEDIUM (4.3) EPSS Score: 0.03% Source: CVE May 16th, 2025 (27 days ago)
CVE-2025-48127	WordPress Push notification for Mobile and Web app <= 2.0.3 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in App Cheap Push notification for Mobile and Web app allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Push notification for Mobile and Web app: from n/a through 2.0.3. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE May 16th, 2025 (27 days ago)
CVE-2025-48121	WordPress WP Notes Widget <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Puddick WP Notes Widget allows DOM-Based XSS. This issue affects WP Notes Widget: from n/a through 1.0.6. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE May 16th, 2025 (27 days ago)
CVE-2025-48120	WordPress MapSVG Lite plugin <= 8.6.4 - Arbitrary Shortcode Execution vulnerability Description: Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG Lite allows Code Injection. This issue affects MapSVG Lite: from n/a through 8.6.4. CVSS: MEDIUM (5.3) EPSS Score: 0.05% Source: CVE May 16th, 2025 (27 days ago)
CVE-2025-48119	WordPress RS WP Book Showcase plugin <= 6.7.41 - Arbitrary Shortcode Execution vulnerability Description: Improper Control of Generation of Code ('Code Injection') vulnerability in RS WP THEMES RS WP Book Showcase allows Code Injection. This issue affects RS WP Book Showcase: from n/a through 6.7.41. CVSS: MEDIUM (5.3) EPSS Score: 0.05% Source: CVE May 16th, 2025 (27 days ago)