Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total5
Critical0
High1
Medium4
Reset
Showing 1-5 of 5 records
Threat Entry Updated 2025-09-24

CVE-2025-10380 - And More Plugin

The Advanced Views – Display Posts, Custom Fields, and More plugin for WordPress is vulnerable to Server-Side Template Injection in all versions up to, and including, 3.7.19. This is due to insufficient input sanitization and lack of access control when processing custom Twig templates in the Model panel. This makes it possible for authenticated attackers, with author-level access or higher, to execute arbitrary PHP code and commands on the server.

PLUGIN And More

CVE-2025-10380

HIGH CVSS 8.8 2025-09-23
Open Full Technical Breakdown
Threat Entry Updated 2024-10-08

CVE-2024-8800 - And More Plugin

The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.21.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN And More

CVE-2024-8800

MEDIUM CVSS 6.1 2024-10-02
Open Full Technical Breakdown
Threat Entry Updated 2024-10-07

CVE-2024-8793 - And More Plugin

The Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.2.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN And More

CVE-2024-8793

MEDIUM CVSS 6.1 2024-10-01
Open Full Technical Breakdown
Threat Entry Updated 2024-08-30

CVE-2024-8200 - And More Plugin

The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'update_api_key' function. This makes it possible for unauthenticated attackers to update an API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN And More

CVE-2024-8200

MEDIUM CVSS 4.3 2024-08-27
Open Full Technical Breakdown
Threat Entry Updated 2024-08-30

CVE-2024-8199 - And More Plugin

The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_api_key' function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update API Key options.

PLUGIN And More

CVE-2024-8199

MEDIUM CVSS 4.3 2024-08-27
Open Full Technical Breakdown
Scroll to top