CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-12874 |
Description: The Top Comments WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.02%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-12873 |
Description: The Custom Field Manager WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-12812 |
Description: The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 has an issue where employees can manipulate parameters to access the data of terminated employees.
EPSS Score: 0.04%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-12808 |
Description: The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.03%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-12800 |
Description: The IP Based Login WordPress plugin before 2.4.1 does not sanitise values when importing, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.03%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-12770 |
Description: The WP ULike WordPress plugin before 4.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: MEDIUM (4.8) EPSS Score: 0.03%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-12767 |
Description: The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts
CVSS: HIGH (7.5) EPSS Score: 0.04%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-12750 |
Description: The Competition Form WordPress plugin through 2.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
EPSS Score: 0.01%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-12743 |
Description: The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: MEDIUM (4.8) EPSS Score: 0.03%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-12739 |
Description: The Mobile Contact Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: MEDIUM (4.8) EPSS Score: 0.03%
May 15th, 2025 (about 1 month ago)
|