Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 6 | Critical: 1 | High: 3 | Medium: 1
Showing 1-6 of 6 records
Threat Entry Updated 2025-07-17

CVE-2025-2942 - Before 12 Plugin

The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post titles (such as those of draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information.

PLUGIN Before 12

CVE-2025-2942

MEDIUM CVSS 4.3 2025-07-11

Threat Entry Updated 2025-06-12

CVE-2025-2929 - Before 12 Plugin

The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue that could be used against high-privilege users such as admins.

PLUGIN Before 12

CVE-2025-2929

HIGH CVSS 7.1 2025-05-20

Threat Entry Updated 2025-05-14

CVE-2025-2907 - Before 12 Plugin

The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore, it lacks proper checks to ensure that only options relevant to the Order Delivery Date WordPress plugin are updated. This allows attackers to modify default_user_role to administrator and to modify users_can_register, so that they can register as an administrator of the site for complete site takeover.

PLUGIN Before 12

CVE-2025-2907

CRITICAL CVSS 9.8 2025-04-26

Threat Entry Updated 2025-03-31

CVE-2024-10515 - Before 12 Plugin

Testing of the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21 found a vulnerability that allows Stored XSS on behalf of the editor by embedding a malicious script, which entails an account takeover backdoor.

PLUGIN Before 12

CVE-2024-10515

LOW CVSS 3.5 2024-11-20

Threat Entry Updated 2024-11-21

CVE-2023-2996 - Before 12 Plugin

The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, delete arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.

PLUGIN Before 12

CVE-2023-2996

HIGH CVSS 8.8 2023-06-27

Threat Entry Updated 2025-03-21

CVE-2023-0260 - Before 12 Plugin

The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.

PLUGIN Before 12

CVE-2023-0260

HIGH CVSS 8.8 2023-02-13