
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 632
Critical: 40
High: 107
Medium: 472
Showing 101-120 of 632 records
Threat Entry Updated 2024-09-27

CVE-2024-7133 - Before 2 Plugin

The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting them back in the page, which could allow users with a high role to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 2

CVE-2024-7133

MEDIUM CVSS 4.8 2024-09-13

Threat Entry Updated 2024-09-27

CVE-2024-6850 - Before 2 Plugin

The Carousel Slider WordPress plugin before 2.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

PLUGIN Before 2

CVE-2024-6850

MEDIUM CVSS 4.8 2024-09-13

Threat Entry Updated 2024-09-27

CVE-2024-6723 - Before 2 Plugin

The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when viewing chatbot discussions.

PLUGIN Before 2

CVE-2024-6723

MEDIUM CVSS 4.7 2024-09-13

Threat Entry Updated 2025-05-16

CVE-2024-7891 - Before 2 Plugin

The Floating Contact Button WordPress plugin before 2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

PLUGIN Before 2

CVE-2024-7891

MEDIUM CVSS 4.8 2024-09-10

Threat Entry Updated 2024-10-07

CVE-2024-6910 - Before 2 Plugin

The EventON WordPress plugin before 2.2.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

PLUGIN Before 2

CVE-2024-6910

MEDIUM CVSS 4.8 2024-09-09

Threat Entry Updated 2025-05-16

CVE-2024-6846 - Before 2 Plugin

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing an unauthenticated user to purge error and chat logs.

PLUGIN Before 2

CVE-2024-6846

MEDIUM CVSS 5.3 2024-09-05

Threat Entry Updated 2024-10-07

CVE-2024-6020 - Before 2 Plugin

The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, or the $_SERVER['REQUEST_URI'] parameter, before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting.

PLUGIN Before 2

CVE-2024-6020

MEDIUM CVSS 6.1 2024-09-04

Threat Entry Updated 2025-05-27

CVE-2024-6847 - Before 2 Plugin

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users when submitting messages to the chatbot.

PLUGIN Before 2

CVE-2024-6847

CRITICAL CVSS 9.8 2024-08-20

Threat Entry Updated 2025-05-27

CVE-2024-6843 - Before 2 Plugin

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not sanitise and escape user inputs, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins.

PLUGIN Before 2

CVE-2024-6843

MEDIUM CVSS 6.1 2024-08-19

Threat Entry Updated 2025-05-27

CVE-2024-6451 - Before 2 Plugin

AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisoning. The AI Engine WordPress plugin before 2.5.1 fails to validate the file extension of "logs_path", allowing Administrators to change log filetypes from .log to .php.

PLUGIN Before 2

CVE-2024-6451

HIGH CVSS 7.2 2024-08-19

Threat Entry Updated 2025-05-28

CVE-2024-6481 - Before 2 Plugin

The Search & Filter Pro WordPress plugin before 2.5.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 2

CVE-2024-6481

MEDIUM CVSS 4.8 2024-08-08

Threat Entry Updated 2025-05-28

CVE-2024-7082 - Before 2 Plugin

The Easy Table of Contents WordPress plugin before 2.0.68 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks.

PLUGIN Before 2

CVE-2024-7082

MEDIUM CVSS 6.1 2024-08-06

Threat Entry Updated 2025-06-06

CVE-2024-3636 - Before 2 Plugin

The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 2

CVE-2024-3636

MEDIUM CVSS 5.4 2024-08-05

Threat Entry Updated 2024-09-06

CVE-2024-6498 - Before 2 Plugin

The Chatbot for WordPress by Collect.chat ⚡️ WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

PLUGIN Before 2

CVE-2024-6498

MEDIUM CVSS 4.8 2024-08-05

Threat Entry Updated 2025-06-10

CVE-2024-4090 - Before 2 Plugin

The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

PLUGIN Before 2

CVE-2024-4090

MEDIUM CVSS 4.8 2024-08-01

Threat Entry Updated 2025-07-07

CVE-2024-6165 - Before 2 Plugin

The WANotifier WordPress plugin before 2.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 2

CVE-2024-6165

MEDIUM CVSS 4.8 2024-07-31

Threat Entry Updated 2025-05-30

CVE-2024-3113 - Before 2 Plugin

The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin before 2.12.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 2

CVE-2024-3113

MEDIUM CVSS 5.9 2024-07-30

Threat Entry Updated 2025-03-13

CVE-2024-3986 - Before 2 Plugin

The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 2

CVE-2024-3986

MEDIUM CVSS 4.8 2024-07-30

Threat Entry Updated 2025-05-29

CVE-2024-4483 - Before 2 Plugin

The Email Encoder WordPress plugin before 2.2.2 does not escape the WP_Email_Encoder_Bundle_options[protection_text] parameter before outputting it back in an attribute in an admin page, leading to Stored Cross-Site Scripting.

PLUGIN Before 2

CVE-2024-4483

MEDIUM CVSS 5.4 2024-07-29

Threat Entry Updated 2025-05-20

CVE-2024-6231 - Before 2 Plugin

The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 2

CVE-2024-6231

MEDIUM CVSS 5.9 2024-07-23