Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-05-16
CVE-2023-7269 - Before 2 Plugin
The ArtPlacer Widget WordPress plugin before 2.21.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
PLUGIN
Before 2
CVE-2023-7269
Risk Score
Threat Entry
Updated 2025-05-16
CVE-2024-5604 - Before 2 Plugin
The Bug Library WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Before 2
CVE-2024-5604
Risk Score
Threat Entry
Updated 2025-05-16
CVE-2023-7268 - Before 2 Plugin
The ArtPlacer Widget WordPress plugin before 2.21.2 does not have authorisation check in place when deleting widgets, allowing ay authenticated users, such as subscriber, to delete arbitrary widgets
PLUGIN
Before 2
CVE-2023-7268
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-6164 - Before 2 Plugin
The Filter & Grids WordPress plugin before 2.8.33 is vulnerable to Local File Inclusion via the post_layout parameter. This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.
PLUGIN
Before 2
CVE-2024-6164
Risk Score
Threat Entry
Updated 2025-05-13
CVE-2024-5450 - Before 2 Plugin
The Bug Library WordPress plugin before 2.1.1 does not check the file type on user-submitted bug reports, allowing an unauthenticated user to upload PHP files
PLUGIN
Before 2
CVE-2024-5450
Risk Score
Threat Entry
Updated 2025-05-15
CVE-2024-4752 - Before 2 Plugin
The EventON WordPress plugin before 2.2.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Before 2
CVE-2024-4752
Risk Score
Threat Entry
Updated 2025-05-21
CVE-2024-6334 - Before 2 Plugin
The Easy Table of Contents WordPress plugin before 2.0.67.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
PLUGIN
Before 2
CVE-2024-6334
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-2234 - Before 2 Theme
The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks
THEME
Before 2
CVE-2024-2234
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-2235 - Before 2 Theme
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack
THEME
Before 2
CVE-2024-2235
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-2233 - Before 2 Theme
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group
THEME
Before 2
CVE-2024-2233
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-2040 - Before 2 Theme
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack
THEME
Before 2
CVE-2024-2040
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-3999 - Before 2 Plugin
The EazyDocs WordPress plugin before 2.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Before 2
CVE-2024-3999
Risk Score
Threat Entry
Updated 2025-03-13
CVE-2024-1330 - Before 2 Plugin
The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the database.
PLUGIN
Before 2
CVE-2024-1330
Risk Score
Threat Entry
Updated 2025-05-19
CVE-2024-5573 - Before 2 Plugin
The Easy Table of Contents WordPress plugin before 2.0.66 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
PLUGIN
Before 2
CVE-2024-5573
Risk Score
Threat Entry
Updated 2025-05-19
CVE-2024-5522 - Before 2 Plugin
The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
PLUGIN
Before 2
CVE-2024-5522
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-3276 - Before 2 Plugin
The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Before 2
CVE-2024-3276
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-2762 - Before 2 Plugin
The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin
PLUGIN
Before 2
CVE-2024-2762
Risk Score
Threat Entry
Updated 2025-06-30
CVE-2024-4750 - Before 2 Plugin
The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request
PLUGIN
Before 2
CVE-2024-4750
Risk Score
Threat Entry
Updated 2025-04-10
CVE-2024-4372 - Before 2 Plugin
The Carousel Slider WordPress plugin before 2.2.11 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks
PLUGIN
Before 2
CVE-2024-4372
Risk Score
Threat Entry
Updated 2025-06-30
CVE-2024-3634 - Before 2 Plugin
The month name translation benaceur WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Before 2
CVE-2024-3634
Risk Score