"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 808
Critical: 39
High: 132
Medium: 616
Showing 281-300 of 808 records
Threat Entry Updated 2024-11-21

CVE-2023-2330 - Before 1 Plugin

The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack.

HIGH CVSS 8.8 2023-07-17
Threat Entry Updated 2024-11-21

CVE-2023-2329 - Before 1 Plugin

The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack.

HIGH CVSS 8.8 2023-07-17
Threat Entry Updated 2024-11-21

CVE-2023-3129 - Before 1 Plugin

The URL Shortify WordPress plugin before 1.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

MEDIUM CVSS 4.8 2023-07-10
Threat Entry Updated 2025-04-23

CVE-2023-2964 - Before 1 Plugin

The Simple Iframe WordPress plugin before 1.2.0 does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks.

MEDIUM CVSS 5.4 2023-07-10
Threat Entry Updated 2025-05-05

CVE-2023-2967 - Before 1 Plugin

The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

MEDIUM CVSS 4.8 2023-07-10
Threat Entry Updated 2024-11-21

CVE-2023-2635 - Before 1 Plugin

The Call Now Accessibility Button WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

MEDIUM CVSS 4.8 2023-07-10
Threat Entry Updated 2024-11-21

CVE-2023-2028 - Before 1 Plugin

The Call Now Accessibility Button WordPress plugin before 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

MEDIUM CVSS 4.8 2023-07-10
Threat Entry Updated 2024-11-21

CVE-2023-1208 - Before 1 Plugin

The HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability.

HIGH CVSS 7.2 2023-07-10
Threat Entry Updated 2024-11-21

CVE-2023-2333 - Before 1 Plugin

The Ninja Forms Google Sheet Connector WordPress plugin before 1.2.7 and the gsheetconnector-ninja-forms-pro WordPress plugin through 1.2.7 do not escape a parameter before outputting it back in an attribute, leading to Reflected Cross-Site Scripting, which could be used against high privilege users such as admin.

MEDIUM CVSS 6.1 2023-07-04
Threat Entry Updated 2024-11-21

CVE-2023-2324 - Before 1 Plugin

The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7 and the gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 do not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting, which could be used against high privilege users such as admin.

MEDIUM CVSS 6.1 2023-07-04
Threat Entry Updated 2024-11-21

CVE-2023-2010 - Before 1 Plugin

The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll.

LOW CVSS 3.1 2023-07-04
Threat Entry Updated 2024-11-21

CVE-2023-2744 - Before 1 Plugin

The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the `type` parameter in the `erp/v1/accounting/v1/people` REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

HIGH CVSS 7.2 2023-06-27
Threat Entry Updated 2025-05-05

CVE-2023-2743 - Before 1 Plugin

The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employee_name parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high privilege users such as admin.

MEDIUM CVSS 6.1 2023-06-27
Threat Entry Updated 2024-11-21

CVE-2023-2326 - Before 1 Plugin

The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5 and the gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 do not have a CSRF check when updating their Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack.

MEDIUM CVSS 6.5 2023-06-27
Threat Entry Updated 2024-11-21

CVE-2023-1891 - Before 1 Plugin

The Accordion & FAQ WordPress plugin before 1.9.9 does not escape various generated URLs before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting.

MEDIUM CVSS 6.1 2023-06-27
Threat Entry Updated 2024-11-21

CVE-2023-2580 - Before 1 Plugin

The AI Engine WordPress plugin before 1.6.83 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).

MEDIUM CVSS 4.8 2023-06-27
Threat Entry Updated 2024-12-12

CVE-2023-2654 - Before 1 Plugin

The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to Reflected Cross-Site Scripting, which could be used against high privilege users such as admin.

MEDIUM CVSS 6.1 2023-06-19
Threat Entry Updated 2024-12-12

CVE-2023-2399 - Before 1 Plugin

The QuBot WordPress plugin before 1.1.6 does not filter user input in the chat, so malicious code inserted there is reflected on the user dashboard.

MEDIUM CVSS 6.1 2023-06-19
Threat Entry Updated 2025-04-23

CVE-2023-2600 - Before 1 Plugin

The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

MEDIUM CVSS 4.8 2023-06-19
Threat Entry Updated 2024-12-12

CVE-2023-2527 - Before 1 Plugin

The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

MEDIUM CVSS 4.8 2023-06-19