CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-48119	WordPress RS WP Book Showcase plugin <= 6.7.41 - Arbitrary Shortcode Execution vulnerability Description: Improper Control of Generation of Code ('Code Injection') vulnerability in RS WP THEMES RS WP Book Showcase allows Code Injection. This issue affects RS WP Book Showcase: from n/a through 6.7.41. CVSS: MEDIUM (5.3) EPSS Score: 0.05% Source: CVE May 16th, 2025 (27 days ago)
CVE-2025-48117	WordPress WooCommerce POS <= 1.7.8 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in kilbot WooCommerce POS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce POS: from n/a through 1.7.8. CVSS: MEDIUM (5.3) EPSS Score: 0.04% Source: CVE May 16th, 2025 (27 days ago)
CVE-2025-48116	WordPress EventON <= 2.4.4 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in Ashan Perera EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 2.4.4. CVSS: MEDIUM (5.3) EPSS Score: 0.05% Source: CVE May 16th, 2025 (27 days ago)
CVE-2025-48115	WordPress ValidateCertify <= 1.6.2 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Javier Revilla ValidateCertify allows Cross Site Request Forgery. This issue affects ValidateCertify: from n/a through 1.6.2. CVSS: MEDIUM (4.3) EPSS Score: 0.02% Source: CVE May 16th, 2025 (27 days ago)
CVE-2025-48114	WordPress ShayanWeb Admin FontChanger plugin <= 1.8.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Shayan Farhang Pazhooh ShayanWeb Admin FontChanger allows Stored XSS. This issue affects ShayanWeb Admin FontChanger: from n/a through 1.8.1. CVSS: HIGH (7.1) EPSS Score: 0.02% Source: CVE May 16th, 2025 (27 days ago)
CVE-2025-48113	WordPress Broadstreet <= 1.51.8 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet Broadstreet allows Stored XSS. This issue affects Broadstreet: from n/a through 1.51.8. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE May 16th, 2025 (27 days ago)
CVE-2025-48112	WordPress Dot html,php,xml etc pages plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in karimmughal Dot html,php,xml etc pages allows Reflected XSS. This issue affects Dot html,php,xml etc pages: from n/a through 1.0. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE May 16th, 2025 (27 days ago)
CVE-2025-48080	WordPress Uncanny Toolkit for LearnDash <= 3.7.0.2 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Stored XSS. This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.7.0.2. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE May 16th, 2025 (27 days ago)
CVE-2025-48079	WordPress ProfileGrid <= 5.9.5.1 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in Metagauss ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ProfileGrid : from n/a through 5.9.5.1. CVSS: MEDIUM (4.3) EPSS Score: 0.03% Source: CVE May 16th, 2025 (27 days ago)
CVE-2025-47693	WordPress Fat Services Booking plugin <= 5.5 - Local File Inclusion vulnerability Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Services Booking allows PHP Local File Inclusion. This issue affects FAT Services Booking: from n/a through 5.5. CVSS: HIGH (7.5) EPSS Score: 0.13% Source: CVE May 16th, 2025 (27 days ago)