Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total3

Critical0

High1

Medium2

Search Severity Year Type Sort Order

Reset

Showing 1-3 of 3 records

Threat Entry Updated 2025-05-14

CVE-2024-10858 - Before 14 Plugin

The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com.

PLUGIN Before 14

CVE-2024-10858

MEDIUM CVSS 6.1 2024-12-25

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-02-19

CVE-2023-0955 - Before 14 Plugin

The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a settings to allow low privilege users to access it as well.

PLUGIN Before 14

CVE-2023-0955

HIGH CVSS 8.8 2023-03-27

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2022-1171 - Before 14 Plugin

The Vertical scroll recent post WordPress plugin before 14.0 does not sanitise and escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting

PLUGIN Before 14

CVE-2022-1171

MEDIUM CVSS 6.1 2022-05-09

Risk Score

Open Full Technical Breakdown

Blog

"Prevention is cheaper than a breach"

Threat Database

CVE-2024-10858 - Before 14 Plugin

CVE-2023-0955 - Before 14 Plugin

CVE-2022-1171 - Before 14 Plugin

Company Links

Contact Us