Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 637
Critical: 40
High: 108
Medium: 475
Showing 41-60 of 637 records
Threat Entry Updated 2025-06-12

CVE-2024-9663 - Before 2 Plugin

The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 2

CVE-2024-9663

MEDIUM CVSS 5.4 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-9662 - Before 2 Plugin

The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 2

CVE-2024-9662

MEDIUM CVSS 5.4 2025-05-15
Threat Entry Updated 2025-06-04

CVE-2024-9645 - Before 2 Plugin

The Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry WordPress plugin before 2.2.93 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 2

CVE-2024-9645

MEDIUM CVSS 5.4 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-9182 - Before 2 Plugin

The Maspik WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

PLUGIN Before 2

CVE-2024-9182

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-04

CVE-2024-8620 - Before 2 Plugin

The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 2

CVE-2024-8620

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-8286 - Before 2 Plugin

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting visit logs, via CSRF attacks.

PLUGIN Before 2

CVE-2024-8286

MEDIUM CVSS 6.5 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-8397 - Before 2 Plugin

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Consent report' page and the malicious script is executed in the admin context.

PLUGIN Before 2

CVE-2024-8397

MEDIUM CVSS 5.4 2025-05-15
Threat Entry Updated 2025-10-02

CVE-2024-7762 - Before 2 Plugin

The Simple Job Board WordPress plugin before 2.12.6 does not prevent uploaded files from being listed, allowing unauthenticated users to access and download uploaded resumes

PLUGIN Before 2

CVE-2024-7762

LOW CVSS 3.7 2025-05-15
Threat Entry Updated 2025-06-11

CVE-2024-7761 - Before 2 Plugin

In the process of testing the Simple Job Board WordPress plugin before 2.12.2, a vulnerability was found that allows Stored XSS to be carried out on behalf of the editor by embedding a malicious script, which entails an account takeover backdoor.

PLUGIN Before 2

CVE-2024-7761

MEDIUM CVSS 6.1 2025-05-15
Threat Entry Updated 2025-11-13

CVE-2024-6711 - Before 2 Plugin

The Event Tickets with Ticket Scanner WordPress plugin before 2.3.8 does not sanitise and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting attacks

PLUGIN Before 2

CVE-2024-6711

LOW CVSS 3.5 2025-05-15
Threat Entry Updated 2025-06-11

CVE-2024-6335 - Before 2 Plugin

The Tracking Code Manager WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Before 2

CVE-2024-6335

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-11-13

CVE-2024-4091 - Before 2 Plugin

The Responsive Gallery Grid WordPress plugin before 2.3.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

PLUGIN Before 2

CVE-2024-4091

LOW CVSS 3.5 2025-05-15
Threat Entry Updated 2025-11-13

CVE-2024-4004 - Before 2 Plugin

The Advanced Cron Manager WordPress plugin before 2.5.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Before 2

CVE-2024-4004

LOW CVSS 3.5 2025-05-15
Threat Entry Updated 2025-11-13

CVE-2024-4002 - Before 2 Plugin

The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Before 2

CVE-2024-4002

LOW CVSS 3.5 2025-05-15
Threat Entry Updated 2025-11-13

CVE-2024-3996 - Before 2 Plugin

The Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Before 2

CVE-2024-3996

LOW CVSS 3.5 2025-05-15
Threat Entry Updated 2025-06-11

CVE-2024-2643 - Before 2 Plugin

The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.6.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Before 2

CVE-2024-2643

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-10

CVE-2024-13727 - Before 2 Plugin

The MemberSpace WordPress plugin before 2.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.

PLUGIN Before 2

CVE-2024-13727

MEDIUM CVSS 6.1 2025-05-15
Threat Entry Updated 2025-06-10

CVE-2024-13621 - Before 2 Plugin

The GDPR Framework By Data443 WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 2

CVE-2024-13621

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-10

CVE-2024-13383 - Before 2 Plugin

The HD Quiz WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 2

CVE-2024-13383

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-10

CVE-2024-12800 - Before 2 Plugin

The IP Based Login WordPress plugin before 2.4.1 does not sanitise values when importing, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 2

CVE-2024-12800

MEDIUM CVSS 4.8 2025-05-15