Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total3

Critical0

High0

Medium2

Search Severity Year Type Sort Order

Reset

Showing 1-3 of 3 records

Threat Entry Updated 2025-04-29

CVE-2024-9771 - Before 16 Plugin

The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 16

CVE-2024-9771

LOW CVSS 3.5 2025-04-28

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-04-29

CVE-2024-9770 - Before 16 Plugin

The WP-Recall WordPress plugin before 16.26.12 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

PLUGIN Before 16

CVE-2024-9770

MEDIUM CVSS 4.7 2025-03-25

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2023-1166 - Before 16 Plugin

The USM-Premium WordPress plugin before 16.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).

PLUGIN Before 16

CVE-2023-1166

MEDIUM CVSS 4.8 2023-06-27

Risk Score

Open Full Technical Breakdown

Blog

"Prevention is cheaper than a breach"

Threat Database

CVE-2024-9771 - Before 16 Plugin

CVE-2024-9770 - Before 16 Plugin

CVE-2023-1166 - Before 16 Plugin

Company Links

Contact Us