CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-0329	AI ChatBot for WordPress – WPBot < 6.2.4 - Admin+ Stored XSS Description: The AI ChatBot for WordPress WordPress plugin before 6.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). EPSS Score: 0.03% Source: CVE May 15th, 2025 (29 days ago)
CVE-2024-9882	Salon Booking System < 10.9.4 - Admin+ Stored XSS Description: The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). EPSS Score: 0.02% Source: CVE May 15th, 2025 (29 days ago)
CVE-2024-9879	Website File Changes < 2.1.1 - Authenticated SQL Injection Description: The Melapress File Monitor WordPress plugin before 2.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks EPSS Score: 0.03% Source: CVE May 15th, 2025 (29 days ago)
CVE-2024-9838	Auto Affiliate Links < 6.4.7 - Admin+ SQL Injection Description: The Auto Affiliate Links WordPress plugin before 6.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks CVSS: MEDIUM (5.4) EPSS Score: 0.02% Source: CVE May 15th, 2025 (29 days ago)
CVE-2024-9831	Taskbuilder < 3.0.9 - Admin+ SQL Injection Description: The Taskbuilder WordPress plugin before 3.0.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks CVSS: HIGH (7.2) EPSS Score: 0.03% Source: CVE May 15th, 2025 (29 days ago)
CVE-2024-9765	EKC Tournament Manager < 2.2.2 - Local File Download Vulnerability Description: The EKC Tournament Manager WordPress plugin before 2.2.2 allows a logged in admin to download system files outside of the WordPress directory CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE May 15th, 2025 (29 days ago)
CVE-2024-9711	EKC Tournament Manager < 2.2.2 - Delete Tournaments via CSRF Description: The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack CVSS: MEDIUM (5.4) EPSS Score: 0.02% Source: CVE May 15th, 2025 (29 days ago)
CVE-2024-9709	EKC Tournament Manager < 2.2.2 - Create Tournaments/Teams via CSRF Description: The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack EPSS Score: 0.02% Source: CVE May 15th, 2025 (29 days ago)
CVE-2024-9663	CYAN Backup < 2.5.3 - Admin+ Stored XSS via Remote Storage Settings Description: The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). EPSS Score: 0.03% Source: CVE May 15th, 2025 (29 days ago)
CVE-2024-9662	CYAN Backup < 2.5.3 - Admin+ Stored XSS via General Settings Description: The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). EPSS Score: 0.03% Source: CVE May 15th, 2025 (29 days ago)