CVE-2025-31068
Description: Cross-Site Request Forgery (CSRF) vulnerability in themeton Seven Stars allows Cross Site Request Forgery. This issue affects Seven Stars: from n/a through 1.4.4.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
May 16th, 2025

CVE-2025-31066
Description: Missing Authorization vulnerability in themeton Acerola allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Acerola: from n/a through 1.6.5.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
May 16th, 2025

CVE-2025-31065
Description: Missing Authorization vulnerability in themeton Rozario allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rozario: from n/a through 1.4.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
May 16th, 2025

CVE-2025-31063
Description: Missing Authorization vulnerability in redqteam Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wishlist: from n/a through 2.1.0.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
May 16th, 2025

CVE-2025-31062
Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in redqteam Wishlist allows Retrieve Embedded Sensitive Data. This issue affects Wishlist: from n/a through 2.1.0.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
May 16th, 2025

CVE-2025-3516
Description: The Simple Lightbox WordPress plugin before 2.9.4 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVSS: MEDIUM (5.9) EPSS Score: 0.03%
May 16th, 2025

CVE-2025-3201
Description: The Contact Form builder with drag & drop for WordPress WordPress plugin before 2.4.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.
CVSS: MEDIUM (5.9) EPSS Score: 0.03%
May 16th, 2025

CVE-2025-4169
Description: The Posts per Cat [Unmaintained] plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ppc' shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
May 16th, 2025

CVE-2025-47275
Description: Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management APIs. Starting in version 8.0.0-BETA1 and prior to version 8.14.0, session cookies of applications using the Auth0-PHP SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Certain pre-conditions are required to be vulnerable to this issue: Applications using the Auth0-PHP SDK, or the Auth0/symfony, Auth0/laravel-auth0, and Auth0/wordpress SDKs that rely on the Auth0-PHP SDK; and session storage configured with CookieStore. Upgrade Auth0/Auth0-PHP to v8.14.0 to receive a patch. As an additional precautionary measure, rotating cookie encryption keys is recommended. Note that once updated, any previous session cookies will be rejected.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
May 15th, 2025

CVE-2025-2248
Description: The WP-PManager WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
May 15th, 2025