Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total632
Critical40
High107
Medium472
Reset
Showing 181-200 of 632 records
Threat Entry Updated 2025-06-02

CVE-2024-0238 - Before 2 Plugin

The EventON Premium WordPress plugin before 4.5.6, EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action, and does not ensure that the post to be updated belong to the plugin, allowing unauthenticated users to update arbitrary post metadata.

PLUGIN Before 2

CVE-2024-0238

MEDIUM CVSS 6.1 2024-01-16
Open Full Technical Breakdown
Threat Entry Updated 2025-06-20

CVE-2024-0233 - Before 2 Plugin

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Before 2

CVE-2024-0233

MEDIUM CVSS 6.1 2024-01-16
Open Full Technical Breakdown
Threat Entry Updated 2025-06-02

CVE-2024-0237 - Before 2 Plugin

The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details etc

PLUGIN Before 2

CVE-2024-0237

MEDIUM CVSS 5.3 2024-01-16
Open Full Technical Breakdown
Threat Entry Updated 2025-06-20

CVE-2024-0236 - Before 2 Plugin

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set (for example for Zoom)

PLUGIN Before 2

CVE-2024-0236

MEDIUM CVSS 5.3 2024-01-16
Open Full Technical Breakdown
Threat Entry Updated 2025-06-20

CVE-2024-0235 - Before 2 Plugin

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog

PLUGIN Before 2

CVE-2024-0235

MEDIUM CVSS 5.3 2024-01-16
Open Full Technical Breakdown
Threat Entry Updated 2025-06-11

CVE-2023-6373 - Before 2 Plugin

The ArtPlacer Widget WordPress plugin before 2.20.7 does not sanitize and escape the "id" parameter before submitting the query, leading to a SQLI exploitable by editors and above. Note: Due to the lack of CSRF check, the issue could also be exploited via a CSRF against a logged editor (or above)

PLUGIN Before 2

CVE-2023-6373

HIGH CVSS 8.8 2024-01-16
Open Full Technical Breakdown
Threat Entry Updated 2025-06-13

CVE-2023-6046 - Before 2 Plugin

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfiltered_html capability is disallowed.

PLUGIN Before 2

CVE-2023-6046

MEDIUM CVSS 4.8 2024-01-16
Open Full Technical Breakdown
Threat Entry Updated 2025-06-20

CVE-2023-6005 - Before 2 Plugin

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 2

CVE-2023-6005

MEDIUM CVSS 4.8 2024-01-16
Open Full Technical Breakdown
Threat Entry Updated 2025-06-02

CVE-2023-3178 - Before 2 Plugin

The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack.

PLUGIN Before 2

CVE-2023-3178

MEDIUM CVSS 4.3 2024-01-16
Open Full Technical Breakdown
Threat Entry Updated 2025-06-13

CVE-2023-0224 - Before 2 Plugin

The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks

PLUGIN Before 2

CVE-2023-0224

CRITICAL CVSS 9.8 2024-01-16
Open Full Technical Breakdown
Threat Entry Updated 2025-06-11

CVE-2023-6991 - Before 2 Plugin

The JSM file_get_contents() Shortcode WordPress plugin before 2.7.1 does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks.

PLUGIN Before 2

CVE-2023-6991

HIGH CVSS 8.8 2024-01-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-11

CVE-2023-6029 - Before 2 Plugin

The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections.

PLUGIN Before 2

CVE-2023-6029

HIGH CVSS 7.5 2024-01-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-20

CVE-2023-6620 - Before 2 Plugin

The POST SMTP Mailer WordPress plugin before 2.8.7 does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin.

PLUGIN Before 2

CVE-2023-6620

HIGH CVSS 7.2 2024-01-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-09

CVE-2023-6163 - Before 2 Plugin

The WP Crowdfunding WordPress plugin before 2.1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Before 2

CVE-2023-6163

MEDIUM CVSS 4.8 2024-01-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-03

CVE-2023-6843 - Before 2 Plugin

The easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg WordPress plugin before 2.4.7 does not properly secure some of its AJAX actions, allowing any logged-in users to modify its settings.

PLUGIN Before 2

CVE-2023-6843

MEDIUM CVSS 4.3 2024-01-15
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-6750 - Before 2 Plugin

The Clone WordPress plugin before 2.4.3 uses buffer files to store in-progress backup informations, which is stored at a publicly accessible, statically defined file path.

PLUGIN Before 2

CVE-2023-6750

HIGH CVSS 7.5 2024-01-08
Open Full Technical Breakdown
Threat Entry Updated 2025-04-17

CVE-2023-6383 - Before 2 Plugin

The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data

PLUGIN Before 2

CVE-2023-6383

HIGH CVSS 7.5 2024-01-08
Open Full Technical Breakdown
Threat Entry Updated 2025-06-17

CVE-2023-6161 - Before 2 Plugin

The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Before 2

CVE-2023-6161

MEDIUM CVSS 6.1 2024-01-08
Open Full Technical Breakdown
Threat Entry Updated 2025-06-18

CVE-2023-6621 - Before 2 Plugin

The POST SMTP WordPress plugin before 2.8.7 does not sanitise and escape the msg parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Before 2

CVE-2023-6621

MEDIUM CVSS 6.1 2024-01-03
Open Full Technical Breakdown
Scroll to top