Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-06-12
CVE-2024-8286 - Before 2 Plugin
The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting visit logs via CSRF attacks
PLUGIN
Before 2
CVE-2024-8286
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-8397 - Before 2 Plugin
The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Consent report' page and the malicious script is executed in the admin context.
PLUGIN
Before 2
CVE-2024-8397
Risk Score
Threat Entry
Updated 2025-10-02
CVE-2024-7762 - Before 2 Plugin
The Simple Job Board WordPress plugin before 2.12.6 does not prevent uploaded files from being listed, allowing unauthenticated users to access and download uploaded resumes
PLUGIN
Before 2
CVE-2024-7762
Risk Score
Threat Entry
Updated 2025-06-11
CVE-2024-7761 - Before 2 Plugin
In the process of testing the Simple Job Board WordPress plugin before 2.12.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor
PLUGIN
Before 2
CVE-2024-7761
Risk Score
Threat Entry
Updated 2025-11-13
CVE-2024-6711 - Before 2 Plugin
The Event Tickets with Ticket Scanner WordPress plugin before 2.3.8 does not sanitise and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting attacks
PLUGIN
Before 2
CVE-2024-6711
Risk Score
Threat Entry
Updated 2025-06-11
CVE-2024-6335 - Before 2 Plugin
The Tracking Code Manager WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Before 2
CVE-2024-6335
Risk Score
Threat Entry
Updated 2025-11-13
CVE-2024-4091 - Before 2 Plugin
The Responsive Gallery Grid WordPress plugin before 2.3.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
PLUGIN
Before 2
CVE-2024-4091
Risk Score
Threat Entry
Updated 2025-11-13
CVE-2024-4004 - Before 2 Plugin
The Advanced Cron Manager WordPress plugin before 2.5.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Before 2
CVE-2024-4004
Risk Score
Threat Entry
Updated 2025-11-13
CVE-2024-4002 - Before 2 Plugin
The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Before 2
CVE-2024-4002
Risk Score
Threat Entry
Updated 2025-11-13
CVE-2024-3996 - Before 2 Plugin
The Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Before 2
CVE-2024-3996
Risk Score
Threat Entry
Updated 2025-06-11
CVE-2024-2643 - Before 2 Plugin
The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.6.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Before 2
CVE-2024-2643
Risk Score
Threat Entry
Updated 2025-06-10
CVE-2024-13727 - Before 2 Plugin
The MemberSpace WordPress plugin before 2.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.
PLUGIN
Before 2
CVE-2024-13727
Risk Score
Threat Entry
Updated 2025-06-10
CVE-2024-13621 - Before 2 Plugin
The GDPR Framework By Data443 WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Before 2
CVE-2024-13621
Risk Score
Threat Entry
Updated 2025-06-10
CVE-2024-13383 - Before 2 Plugin
The HD Quiz WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Before 2
CVE-2024-13383
Risk Score
Threat Entry
Updated 2025-06-10
CVE-2024-12800 - Before 2 Plugin
The IP Based Login WordPress plugin before 2.4.1 does not sanitise values when importing, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Before 2
CVE-2024-12800
Risk Score
Threat Entry
Updated 2025-11-13
CVE-2024-12767 - Before 2 Plugin
The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts
PLUGIN
Before 2
CVE-2024-12767
Risk Score
Threat Entry
Updated 2025-06-09
CVE-2024-10362 - Before 2 Plugin
The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.9.1 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Before 2
CVE-2024-10362
Risk Score
Threat Entry
Updated 2025-06-09
CVE-2024-10149 - Before 2 Plugin
The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Before 2
CVE-2024-10149
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-10143 - Before 2 Plugin
The MB Custom Post Types & Custom Taxonomies WordPress plugin before 2.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Before 2
CVE-2024-10143
Risk Score
Threat Entry
Updated 2025-06-11
CVE-2024-10009 - Before 2 Plugin
The Melapress File Monitor WordPress plugin before 2.1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
PLUGIN
Before 2
CVE-2024-10009
Risk Score