

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 632 records (Critical: 40, High: 107, Medium: 472)
Showing 81-100 of 632 records
Threat Entry Updated 2025-05-14

CVE-2024-12585 - Property Hive Plugin

The Property Hive WordPress plugin before 2.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting that could be used against high-privilege users such as admins.

PLUGIN - affected versions before 2.1.1

Severity MEDIUM | CVSS 6.1 | 2025-01-08
Threat Entry Updated 2025-05-14

CVE-2024-10151 - Auto iFrame Plugin

The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN - affected versions before 2.0

Severity MEDIUM | CVSS 5.4 | 2025-01-08
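The shortcode-attribute case above is the textbook stored XSS in WordPress plugins: a contributor cannot post raw HTML, but a shortcode attribute is copied into markup by the plugin on every render, so the plugin becomes the bypass. The following is an added example, not code from the Auto iFrame plugin or any plugin on this page; the shortcode name `demo_iframe`, its attribute set and the function names are assumptions. It shows the vulnerable pattern next to the hardened one (validate for the type, then escape for the HTML-attribute context):

```php
<?php
// Added example, not code from the Auto iFrame plugin. A shortcode that renders
// an <iframe> from attributes a post author controls. The shortcode name
// "demo_iframe" and its attribute set are assumptions for illustration.

// VULNERABLE: attributes are interpolated straight into markup. A contributor
// can save [demo_iframe src='x" onload="alert(document.cookie)'] in a draft;
// the payload is stored in post content and runs for whoever previews it,
// including the admin who reviews the draft.
function demo_iframe_shortcode_vulnerable( $atts ) {
    $atts = shortcode_atts(
        array( 'src' => '', 'width' => '100%', 'height' => '400' ),
        $atts,
        'demo_iframe'
    );
    return '<iframe src="' . $atts['src'] . '" width="' . $atts['width']
        . '" height="' . $atts['height'] . '"></iframe>';
}

// HARDENED: validate each attribute for what it is (a URL, a dimension), then
// escape it for the context it lands in (an HTML attribute value).
function demo_iframe_shortcode_fixed( $atts ) {
    $atts = shortcode_atts(
        array( 'src' => '', 'width' => '100%', 'height' => '400' ),
        $atts,
        'demo_iframe'
    );

    // esc_url() strips characters that cannot appear in a URL (including the
    // double quote) and returns '' for disallowed schemes such as javascript:.
    // Refuse to render rather than emit an empty src.
    $src = esc_url( $atts['src'], array( 'http', 'https' ) );
    if ( '' === $src ) {
        return '';
    }

    // Dimensions are a number or a percentage; anything else gets the default.
    $width  = preg_match( '/^\d{1,4}%?$/', $atts['width'] ) ? $atts['width'] : '100%';
    $height = preg_match( '/^\d{1,4}$/', $atts['height'] ) ? $atts['height'] : '400';

    return sprintf(
        '<iframe src="%s" width="%s" height="%s" loading="lazy"></iframe>',
        esc_attr( $src ),
        esc_attr( $width ),
        esc_attr( $height )
    );
}
add_shortcode( 'demo_iframe', 'demo_iframe_shortcode_fixed' );
```

The same `esc_attr()` / `esc_html()` / `esc_url()` discipline is the fix for the reflected and unauthenticated XSS entries on this page as well; the only difference is where the payload lives (a request parameter versus stored post content). Choosing the escaping function by output context matters more than "sanitising" on input, because the same value may land in an attribute, in text and in a URL.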
Threat Entry Updated 2025-06-05

CVE-2024-11357 - goodlayers-core Plugin

The goodlayers-core WordPress plugin before 2.0.10 does not sanitise and escape some of its settings, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN - affected versions before 2.0.10

Severity MEDIUM | CVSS 5.9 | 2025-01-02
Threat Entry Updated 2025-05-14

CVE-2024-10903 - Broken Link Checker Plugin

The Broken Link Checker WordPress plugin before 2.4.2 does not validate the link URLs before making a request to them, which could allow admin users to perform SSRF attacks, for example on a multisite installation.

PLUGIN - affected versions before 2.4.2

Severity MEDIUM | CVSS 4.7 | 2024-12-26
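A link checker is an SSRF primitive by design: it fetches whatever URL it is given, from the web server's network position. The following is an added example, not the Broken Link Checker plugin's code, with function names that are assumptions. It contrasts an unvalidated fetch with one that uses core's `wp_http_validate_url()` and `wp_safe_remote_get()`, and it adds an extra resolved-address check because core's validator does not cover the link-local range used by cloud metadata services or IPv6 literals:

```php
<?php
// Added example, not the Broken Link Checker plugin's code. A link checker that
// fetches an admin-supplied URL from the web server. Function names are assumptions.

// VULNERABLE: whatever URL is stored as a "link" gets fetched with the server's
// network position, so http://127.0.0.1:9200/, http://169.254.169.254/ (cloud
// metadata) or an internal hostname all become reachable. On multisite a site
// admin is not a super admin, so this is a real privilege boundary.
function demo_check_link_vulnerable( $url ) {
    $response = wp_remote_get( $url, array( 'timeout' => 10, 'redirection' => 3 ) );
    return is_wp_error( $response ) ? 0 : wp_remote_retrieve_response_code( $response );
}

// Resolve the host and require a globally routable address. Core's
// wp_http_validate_url() already rejects 0/8, 10/8, 127/8, 172.16/12 and
// 192.168/16, but not link-local 169.254/16 (the metadata range) and not IPv6
// literals, so this check is layered on top of it.
function demo_host_is_public( $host ) {
    $host = trim( $host, '[]' ); // bracketed IPv6 literal
    if ( filter_var( $host, FILTER_VALIDATE_IP ) ) {
        $ip = $host;
    } else {
        // gethostbyname() resolves IPv4 only and returns the name unchanged on
        // failure, which the filter below then rejects (fail closed).
        $ip = gethostbyname( $host );
    }
    return false !== filter_var(
        $ip,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    );
}

// HARDENED
function demo_check_link_fixed( $url ) {
    // Scheme, credentials-in-URL, port and the private ranges listed above.
    $validated = wp_http_validate_url( $url );
    if ( false === $validated ) {
        return new WP_Error( 'unsafe_url', 'Refusing to fetch a non-public URL.' );
    }
    $host = wp_parse_url( $validated, PHP_URL_HOST );
    if ( ! $host || ! demo_host_is_public( $host ) ) {
        return new WP_Error( 'unsafe_url', 'Host does not resolve to a public address.' );
    }

    // wp_safe_remote_get() sets reject_unsafe_urls, so the HTTP API re-runs
    // wp_http_validate_url() on any redirect target. Redirects are disabled
    // here anyway: for a link checker a 3xx is a usable answer, and following
    // them would skip demo_host_is_public() for the second hop.
    $response = wp_safe_remote_get( $validated, array(
        'timeout'     => 10,
        'redirection' => 0,
        'cookies'     => array(), // never forward the site's cookies to a third party
    ) );
    return is_wp_error( $response ) ? $response : wp_remote_retrieve_response_code( $response );
}
```

Residual risk: the resolve-then-fetch sequence is a time-of-check/time-of-use window, so a DNS name under attacker control can answer with a public address for the check and a private one for the fetch (DNS rebinding). Closing that fully needs the resolved address pinned into the connection, which the WordPress HTTP API does not expose; network-level egress filtering from the web tier is the usual compensating control.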
Threat Entry Updated 2025-05-07

CVE-2024-9641 - LuckyWP Table of Contents Plugin

The LuckyWP Table of Contents WordPress plugin before 2.1.7 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN - affected versions before 2.1.7

Severity MEDIUM | CVSS 4.8 | 2024-12-12
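Several entries on this page (goodlayers-core above, LuckyWP Table of Contents here, and the Simple Side Tab, Jobs for WordPress and Custom Twitter Feeds entries further down) share one root cause: a plugin setting is written with whatever the request contained and echoed back later. The "even when unfiltered_html is disallowed" wording is the key: core enforces that capability through kses for post content, but an option is only as filtered as the plugin makes it. The following is an added example, not code from any of those plugins; the option, group and function names are assumptions. It registers one option so that every write path runs a capability-aware sanitiser and the output is escaped again:

```php
<?php
// Added example, not code from LuckyWP Table of Contents or any plugin listed
// here. One plugin option registered so that every write path sanitises the
// value and the output escapes it. Option and group names are assumptions.

// VULNERABLE: the raw POST value is stored and later echoed into the page.
// Core enforces unfiltered_html through kses for post content, but an option
// saved like this bypasses that entirely, so on a multisite where site admins
// lack unfiltered_html they can still store <script> in a setting.
function demo_save_option_vulnerable() {
    update_option( 'demo_toc_title', $_POST['demo_toc_title'] ); // no nonce, no sanitisation
}

// HARDENED, part 1: a sanitize_callback that honours the capability.
function demo_sanitize_toc_title( $value ) {
    $value = (string) $value;
    // Users who hold unfiltered_html keep their markup, exactly as they would in
    // a post. Everyone else is reduced to the post-content allowlist, which
    // drops <script>, on* handlers and javascript: URLs.
    if ( current_user_can( 'unfiltered_html' ) ) {
        return $value;
    }
    return wp_kses_post( $value );
}

// HARDENED, part 2: register the option. The callback is attached to the
// sanitize_option_{$option} filter, so it runs on every update_option() call
// for this option, whichever code path (Settings API, REST, WP-CLI) made it.
function demo_register_settings() {
    register_setting(
        'demo_toc_options',
        'demo_toc_title',
        array(
            'type'              => 'string',
            'sanitize_callback' => 'demo_sanitize_toc_title',
            'default'           => 'Contents',
        )
    );
}
add_action( 'admin_init', 'demo_register_settings' );

// HARDENED, part 3: escape on output for the context. The stored value was
// filtered at save time, but the capability may have been revoked since, so
// the render path filters again rather than trusting the database.
function demo_render_toc_heading() {
    $title = get_option( 'demo_toc_title', 'Contents' );
    return '<h2 class="demo-toc-title">' . wp_kses_post( $title ) . '</h2>';
}
```

For a setting that is genuinely plain text (a label, a class name, a colour), skip kses entirely: `sanitize_text_field()` on save and `esc_html()` or `esc_attr()` on output is both simpler and stricter. Reserve `wp_kses_post()` for the few fields where limited markup is a feature.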
Threat Entry Updated 2025-05-17

CVE-2024-10499 - AI Engine Plugin

The AI Engine WordPress plugin before 2.6.5 does not sanitize and escape a parameter from one of its REST API endpoints before using it in a SQL statement, allowing admins to perform SQL injection attacks.

PLUGIN - affected versions before 2.6.5

Severity HIGH | CVSS 7.2 | 2024-12-12
Threat Entry Updated 2025-05-17

CVE-2024-11107 - System Dashboard Plugin

The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.

PLUGIN - affected versions before 2.8.15

Severity MEDIUM | CVSS 6.1 | 2024-12-10
Threat Entry Updated 2025-05-17

CVE-2024-10708 - System Dashboard Plugin

The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high-privilege users such as admins to perform path traversal attacks and read arbitrary files on the server.

PLUGIN - affected versions before 2.8.15

Severity MEDIUM | CVSS 4.9 | 2024-12-10
Threat Entry Updated 2025-05-06

CVE-2024-11183 - Simple Side Tab Plugin

The Simple Side Tab WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN - affected versions before 2.2.0

Severity MEDIUM | CVSS 4.8 | 2024-12-07
Threat Entry Updated 2025-05-17

CVE-2024-10480 - 3DPrint Lite Plugin

The 3DPrint Lite WordPress plugin before 2.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN - affected versions before 2.1

Severity MEDIUM | CVSS 4.3 | 2024-12-06
Threat Entry Updated 2025-04-11

CVE-2024-10104 - Jobs for WordPress Plugin

The Jobs for WordPress plugin before 2.7.8 does not sanitise and escape some of its Job settings, which could allow users such as contributors to perform Stored Cross-Site Scripting attacks.

PLUGIN - affected versions before 2.7.8

Severity MEDIUM | CVSS 5.9 | 2024-11-15
Threat Entry Updated 2025-05-15

CVE-2024-7982 - Registrations for the Events Calendar Plugin

The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to perform Cross-Site Scripting attacks.

PLUGIN - affected versions before 2.12.4

Severity CRITICAL | CVSS 9.6 | 2024-11-08
Threat Entry Updated 2025-05-17

CVE-2024-8378 - Safe SVG Plugin

The Safe SVG WordPress plugin before 2.2.6 only runs its sanitisation code for paths that call wp_handle_upload, not for code that uses wp_handle_sideload, which is often used to upload attachments via raw POST data.

PLUGIN - affected versions before 2.2.6

Severity MEDIUM | CVSS 4.8 | 2024-11-07
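The Safe SVG entry is a coverage bug rather than a parsing bug: the check was correct but attached to only one of two core entry points. `wp_handle_upload()` and `wp_handle_sideload()` are separate wrappers around the same core routine, and each applies its own `*_prefilter` filter, so a plugin that hooks only the first never sees files that arrive via the second (raw request bodies, importers, remote fetches). The following is an added example, not Safe SVG's code: the two filter names are real core filters, but the SVG check is a deliberately simple reject-on-danger stub standing in for a real allowlist sanitiser, and its function names are assumptions:

```php
<?php
// Added example, not Safe SVG's code. It hooks one file check into both core
// upload entry points. The two filter names are real core filters; the SVG
// check itself is a deliberately simple reject-on-danger stub standing in for
// a proper allowlist sanitiser, and its function names are assumptions.

function demo_svg_is_safe( $svg ) {
    $svg = strtolower( $svg );
    if ( false !== strpos( $svg, '<!entity' ) ) {            // XXE / entity expansion
        return false;
    }
    if ( false !== strpos( $svg, '<script' ) || false !== strpos( $svg, '<foreignobject' ) ) {
        return false;
    }
    if ( preg_match( '/\son[a-z]+\s*=/', $svg ) ) {           // onload=, onclick=, ...
        return false;
    }
    if ( false !== strpos( $svg, 'javascript:' ) ) {
        return false;
    }
    if ( preg_match( '/href\s*=\s*["\']?\s*(https?:|\/\/)/', $svg ) ) { // remote fetches
        return false;
    }
    return true;
}

// $file is the $_FILES-style array core passes through the prefilter.
function demo_reject_dangerous_svg( $file ) {
    $ext = strtolower( pathinfo( $file['name'], PATHINFO_EXTENSION ) );
    if ( 'svg' !== $ext && 'svgz' !== $ext ) {
        return $file;
    }
    $raw = file_get_contents( $file['tmp_name'] );
    if ( 'svgz' === $ext && false !== $raw ) {
        $raw = @gzdecode( $raw );
    }
    if ( false === $raw || ! demo_svg_is_safe( $raw ) ) {
        // A string in 'error' makes _wp_handle_upload() abort with that message,
        // on both the upload and the sideload path.
        $file['error'] = 'SVG rejected: active or external content is not allowed.';
    }
    return $file;
}

// The point of the fix: hooking only wp_handle_upload_prefilter leaves every
// wp_handle_sideload() caller unchecked.
add_filter( 'wp_handle_upload_prefilter', 'demo_reject_dangerous_svg' );
add_filter( 'wp_handle_sideload_prefilter', 'demo_reject_dangerous_svg' );
```

Two caveats. First, substring checks like these are bypassable by encoding (entity-encoded attribute values, mixed-case tricks inside CDATA), which is why a production sanitiser parses the document and rebuilds it from an element and attribute allowlist; the stub is here to show the hook placement, not the parsing. Second, WordPress does not accept SVG uploads by default, so if a site has added `image/svg+xml` via `upload_mimes`, it is relying entirely on a filter like this one being present on every path.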
Threat Entry Updated 2024-10-24

CVE-2024-8625 - TS Poll Plugin

The TS Poll WordPress plugin before 2.4.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.

PLUGIN - affected versions before 2.4.0

Severity HIGH | CVSS 7.2 | 2024-10-21
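The AI Engine entry above and the TS Poll entry here are the same bug class: a request parameter concatenated into a query that only an administrator can trigger. The following is an added example, not code from either plugin; the table, function and parameter names are assumptions. It shows the interpolated query next to a version that parameterises values with `$wpdb->prepare()` and allowlists the one thing placeholders cannot carry, a sort expression:

```php
<?php
// Added example, not the TS Poll or AI Engine plugin's code. An admin-only
// query that reads vote counts filtered and ordered by request parameters.
// The table and function names are assumptions.

// VULNERABLE: request values are interpolated into the SQL string. "Admins
// only" is weaker than it sounds: on multisite a site admin is not a super
// admin, an admin session can be driven through CSRF or the XSS bugs listed
// above, and the database user usually spans every table of every site.
function demo_poll_results_vulnerable( $poll_id, $order_by ) {
    global $wpdb;
    $table = $wpdb->prefix . 'demo_poll_votes';
    return $wpdb->get_results(
        "SELECT answer, COUNT(*) AS votes FROM {$table}"
        . " WHERE poll_id = {$poll_id} GROUP BY answer ORDER BY {$order_by}"
    );
}

// HARDENED: values go through $wpdb->prepare(); identifiers and sort directions
// cannot be parameterised as values, so they come from a fixed allowlist.
function demo_poll_results_fixed( $poll_id, $order_by ) {
    global $wpdb;
    $table = $wpdb->prefix . 'demo_poll_votes';

    $poll_id = absint( $poll_id );
    if ( 0 === $poll_id ) {
        return array();
    }

    // Map the request token to a literal; never echo the token itself into SQL.
    $allowed_order = array(
        'votes'  => 'votes DESC',
        'answer' => 'answer ASC',
    );
    $order_sql = isset( $allowed_order[ $order_by ] ) ? $allowed_order[ $order_by ] : 'votes DESC';

    // %d for the integer value. The table name is assembled from $wpdb->prefix,
    // which is trusted; a request-supplied identifier would need %i (WordPress
    // 6.2 and later) or an allowlist like the one above.
    $sql = $wpdb->prepare(
        "SELECT answer, COUNT(*) AS votes FROM {$table} WHERE poll_id = %d GROUP BY answer ORDER BY {$order_sql}",
        $poll_id
    );
    return $wpdb->get_results( $sql );
}
```

When a `LIKE` pattern comes from the request, run it through `$wpdb->esc_like()` before `prepare()`, otherwise `%` and `_` in user input change the match semantics even though the query is no longer injectable.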
Threat Entry Updated 2025-09-30

CVE-2024-8983 - Custom Twitter Feeds Plugin

The Custom Twitter Feeds WordPress plugin before 2.2.3 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN - affected versions before 2.2.3

Severity MEDIUM | CVSS 4.8 | 2024-10-08
Threat Entry Updated 2024-10-07

CVE-2024-7714 - AI ChatBot with ChatGPT and Content Generator by AYS Plugin

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls, allowing an unauthenticated user to disconnect the plugin from OpenAI and thereby disable it. Multiple actions are accessible without authentication: 'ays_chatgpt_disconnect', 'ays_chatgpt_connect', and 'ays_chatgpt_save_feedback'.

PLUGIN - affected versions before 2.1.0

Severity HIGH | CVSS 7.5 | 2024-09-27
Threat Entry Updated 2025-03-18

CVE-2024-7713 - AI ChatBot with ChatGPT and Content Generator by AYS Plugin

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the OpenAI API key, allowing unauthenticated users to obtain it.

PLUGIN - affected versions before 2.1.0

Severity HIGH | CVSS 7.5 | 2024-09-27
Threat Entry Updated 2026-01-20

CVE-2024-6845 - Chatbot with ChatGPT Plugin

The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization on one of its REST endpoints, allowing unauthenticated users to retrieve the encoded key and decode it, thereby leaking the OpenAI API key.

PLUGIN - affected versions before 2.4.6

Severity MEDIUM | CVSS 5.3 | 2024-09-25
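The three chatbot entries (CVE-2024-7714, CVE-2024-7713 and CVE-2024-6845) are two failures that tend to travel together: a REST route or admin-ajax action with no authorisation, and a settings payload that hands the third-party API key to the browser. The following is an added example, not code from any of those plugins; the route, option, hook and function names are assumptions. It shows the open endpoint and nopriv action next to a version that puts the capability check in `permission_callback`, returns a fingerprint instead of the secret, and keeps only the authenticated ajax hook:

```php
<?php
// Added example, not from any of the chatbot plugins above. A plugin that stores
// an OpenAI key in an option and exposes settings and a disconnect action over
// the REST API and admin-ajax. Route, option and action names are assumptions.

// VULNERABLE: the route is open to everyone and returns the option wholesale.
// base64-encoding the key before returning it (the pattern described for
// CVE-2024-6845) is not protection; anyone can decode it.
function demo_chat_register_routes_vulnerable() {
    register_rest_route( 'demo-chat-vuln/v1', '/settings', array(
        'methods'             => 'GET',
        'permission_callback' => '__return_true',              // unauthenticated access
        'callback'            => function () {
            return get_option( 'demo_chat_settings' );         // includes 'api_key'
        },
    ) );
}
// VULNERABLE: a state-changing action on the nopriv hook runs for anyone who
// can reach admin-ajax.php. Shown commented out so this file does not install it.
// add_action( 'wp_ajax_nopriv_demo_chat_disconnect', 'demo_chat_disconnect' );

function demo_chat_disconnect() {
    $settings = (array) get_option( 'demo_chat_settings', array() );
    unset( $settings['api_key'] );
    update_option( 'demo_chat_settings', $settings );
}

// HARDENED, part 1: the browser never needs the secret itself. Return whether a
// key is configured plus a short non-reversible fingerprint for support.
function demo_chat_settings_for_display( array $settings ) {
    $key = isset( $settings['api_key'] ) ? (string) $settings['api_key'] : '';
    return array(
        'connected'       => '' !== $key,
        'key_fingerprint' => '' !== $key ? substr( hash( 'sha256', $key ), 0, 8 ) : null,
        'model'           => isset( $settings['model'] ) ? $settings['model'] : null,
    );
}

// HARDENED, part 2: authorisation in permission_callback, where the REST server
// rejects the request (401 for anonymous callers, 403 otherwise) before the
// callback runs. Cookie-authenticated callers must also send a valid X-WP-Nonce
// header, or core treats them as logged out and current_user_can() is false.
function demo_chat_can_manage() {
    return current_user_can( 'manage_options' );
}
function demo_chat_register_routes_fixed() {
    register_rest_route( 'demo-chat/v1', '/settings', array(
        'methods'             => WP_REST_Server::READABLE,
        'permission_callback' => 'demo_chat_can_manage',
        'callback'            => function () {
            return demo_chat_settings_for_display( (array) get_option( 'demo_chat_settings', array() ) );
        },
    ) );
    register_rest_route( 'demo-chat/v1', '/disconnect', array(
        'methods'             => WP_REST_Server::CREATABLE,
        'permission_callback' => 'demo_chat_can_manage',
        'callback'            => function () {
            demo_chat_disconnect();
            return array( 'connected' => false );
        },
    ) );
}
add_action( 'rest_api_init', 'demo_chat_register_routes_fixed' );

// HARDENED, part 3: if admin-ajax must stay, register only the authenticated
// hook and still verify a nonce and the capability inside the handler.
add_action( 'wp_ajax_demo_chat_disconnect', function () {
    check_ajax_referer( 'demo_chat_admin' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    demo_chat_disconnect();
    wp_send_json_success();
} );
```

A quick audit check for a plugin's REST surface: grep for `'permission_callback' => '__return_true'` and for `wp_ajax_nopriv_`, then confirm each hit is genuinely meant for anonymous visitors and changes no state. The key itself should never leave the server; if the frontend needs to talk to the model, proxy the call through an authenticated endpoint and attach the key server-side.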
Threat Entry Updated 2024-09-27

CVE-2024-7863 - Favicon Generator (CLOSED) Plugin

The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make a logged-in admin upload arbitrary files, such as PHP, to the server.

PLUGIN - affected versions before 2.1

Severity MEDIUM | CVSS 6.8 | 2024-09-13
Threat Entry Updated 2024-09-27

CVE-2024-7864 - Favicon Generator (CLOSED) Plugin

The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not have CSRF checks or path validation in the output_sub_admin_page_0() function, allowing attackers to make logged-in admins delete arbitrary files on the server.

PLUGIN - affected versions before 2.1

Severity MEDIUM | CVSS 6.5 | 2024-09-13