Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total 13 | Critical 0 | High 4 | Medium 8
Threat Entry Updated 2026-01-09

CVE-2025-10723 - Before 11 Plugin

The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to functions, allowing any admin user to perform LFI (local file inclusion) attacks.

LOW CVSS 2.7 2025-10-24
Threat Entry Updated 2025-06-05

CVE-2024-9227 - Before 11 Plugin

The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-04-29

CVE-2024-9230 - Before 11 Plugin

The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow author and above users to perform Stored Cross-Site Scripting attacks.

MEDIUM CVSS 5.9 2025-04-14
Threat Entry Updated 2025-06-18

CVE-2023-6037 - Before 11 Plugin

The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

MEDIUM CVSS 4.8 2024-01-01
Threat Entry Updated 2025-02-26

CVE-2023-4930 - Before 11 Plugin

The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.

MEDIUM CVSS 6.5 2023-11-06
Threat Entry Updated 2025-03-05

CVE-2023-4820 - Before 11 Plugin

The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media URL field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin.

MEDIUM CVSS 5.4 2023-10-16
Threat Entry Updated 2025-04-23

CVE-2023-4019 - Before 11 Plugin

The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author or higher privileges to move files such as wp-config.php, which may lead to RCE in some cases.

HIGH CVSS 8.8 2023-09-04
Threat Entry Updated 2025-03-21

CVE-2023-0259 - Before 11 Plugin

The WP Google Review Slider WordPress plugin before 11.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.

HIGH CVSS 8.8 2023-02-13
Threat Entry Updated 2024-11-21

CVE-2022-1801 - Before 11 Plugin

The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots.

HIGH CVSS 7.5 2022-06-20
Threat Entry Updated 2024-11-21

CVE-2021-25019 - Before 11 Plugin

The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does not escape the type parameter before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting.

MEDIUM CVSS 6.1 2022-03-21
Threat Entry Updated 2024-11-21

CVE-2022-0426 - Before 11 Plugin

The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 does not escape the rowCount parameter before outputting it back in an attribute via the woosea_categories_dropdown AJAX action (available to any authenticated user), leading to Reflected Cross-Site Scripting.

MEDIUM CVSS 5.4 2022-03-07
Threat Entry Updated 2024-11-21

CVE-2022-0383 - Before 11 Plugin

The WP Review Slider WordPress plugin before 11.0 does not sanitise and escape the pid parameter when copying a Twitter source, which could allow high privilege users to perform SQL Injection attacks.

HIGH CVSS 7.2 2022-02-28
Threat Entry Updated 2024-11-21

CVE-2021-24974 - Before 11 Plugin

The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 does not have authorisation and CSRF checks in some of its AJAX actions, allowing any authenticated user to call them, which could lead to a Stored Cross-Site Scripting issue (triggered in the admin dashboard) due to the lack of escaping.

MEDIUM CVSS 5.4 2022-01-24