CyberAlerts

CVE-2025-39444

WordPress MaxButtons plugin <= 9.8.3 - Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maxfoundry MaxButtons allows Stored XSS. This issue affects MaxButtons: from n/a through 9.8.3.

CVSS: MEDIUM (5.9)

Source: CVE

April 17th, 2025 (about 3 hours ago)

CVE-2025-39443

WordPress Verge3D plugin <= 4.9.0 - Cross Site Request Forgery (CSRF) vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through 4.9.0.

CVSS: MEDIUM (4.3)

Source: CVE

April 17th, 2025 (about 3 hours ago)

CVE-2025-39442

WordPress Review Wave – Google Places Reviews plugin <= 1.4.7 - Cross Site Request Forgery (CSRF) vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in MessageMetric Review Wave – Google Places Reviews allows Stored XSS. This issue affects Review Wave – Google Places Reviews: from n/a through 1.4.7.

CVSS: HIGH (7.1)

Source: CVE

April 17th, 2025 (about 3 hours ago)

CVE-2025-39441

WordPress Dashboard Notepads plugin <= 1.2.1 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Dashboard Notepads allows Stored XSS. This issue affects Dashboard Notepads: from n/a through 1.2.1.

CVSS: HIGH (7.1)

Source: CVE

April 17th, 2025 (about 3 hours ago)

CVE-2025-39440

WordPress Broken Links Remover plugin <= 1.2.2 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Broken Links Remover allows Stored XSS. This issue affects Broken Links Remover: from n/a through 1.2.2.

CVSS: HIGH (7.1)

Source: CVE

April 17th, 2025 (about 3 hours ago)

CVE-2025-39439

WordPress wpLike2Get plugin <= 1.2.9 - Sensitive Data Exposure vulnerability

Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Markus Drubba wpLike2Get allows Retrieve Embedded Sensitive Data. This issue affects wpLike2Get: from n/a through 1.2.9.

CVSS: MEDIUM (5.3)

SSVC Exploitation: none

Source: CVE

April 17th, 2025 (about 3 hours ago)

CVE-2025-39438

WordPress Theme Changer plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in momen2009 Theme Changer allows Cross Site Request Forgery. This issue affects Theme Changer: from n/a through 1.3.

CVSS: MEDIUM (4.3)

SSVC Exploitation: none

Source: CVE

April 17th, 2025 (about 3 hours ago)

CVE-2025-39437

WordPress Anthologize plugin <= 0.8.3 - Cross Site Request Forgery (CSRF) vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Boone Gorges Anthologize allows Cross Site Request Forgery. This issue affects Anthologize: from n/a through 0.8.3.

CVSS: MEDIUM (4.3)

SSVC Exploitation: none

Source: CVE

April 17th, 2025 (about 3 hours ago)

CVE-2025-39436

WordPress I Draw <= 1.0 - Arbitrary File Upload Vulnerability

Description: Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw allows Using Malicious Files. This issue affects I Draw: from n/a through 1.0.

CVSS: CRITICAL (9.1)

SSVC Exploitation: none

Source: CVE

April 17th, 2025 (about 3 hours ago)

CVE-2025-39435

WordPress My Marginalia plugin <= 1.0.6 - CSRF to Stored XSS vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in davidfcarr My Marginalia allows Stored XSS. This issue affects My Marginalia: from n/a through 1.0.6.

CVSS: HIGH (7.1)

Source: CVE

April 17th, 2025 (about 3 hours ago)

Threat and Vulnerability Intelligence Database

Example Searches: