
"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 443
Critical: 34
High: 82
Medium: 311
Showing 181-200 of 443 records
Threat Entry Updated 2025-05-02

CVE-2023-4502 - Before 3 Plugin

The Translate WordPress with GTranslate WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). This vulnerability affects multiple parameters.

PLUGIN Before 3

CVE-2023-4502

MEDIUM CVSS 4.8 2023-09-25
Threat Entry Updated 2025-05-01

CVE-2023-4148 - Before 3 Plugin

The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Before 3

CVE-2023-4148

MEDIUM CVSS 6.1 2023-09-25
Threat Entry Updated 2025-04-23

CVE-2023-2995 - Before 3 Plugin

The Leyka WordPress plugin before 3.30.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Before 3

CVE-2023-2995

MEDIUM CVSS 4.8 2023-09-19
Threat Entry Updated 2025-04-23

CVE-2023-4060 - Before 3 Plugin

The WP Adminify WordPress plugin before 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Before 3

CVE-2023-4060

MEDIUM CVSS 4.8 2023-09-11
Threat Entry Updated 2025-03-06

CVE-2023-4059 - Before 3 Plugin

The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF checks in its page creation function, which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog.

PLUGIN Before 3

CVE-2023-4059

MEDIUM CVSS 4.3 2023-09-04
Threat Entry Updated 2025-04-23

CVE-2023-3499 - Before 3 Plugin

The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Before 3

CVE-2023-3499

MEDIUM CVSS 4.8 2023-09-04
Threat Entry Updated 2024-11-21

CVE-2023-2813 - Before 3 Theme

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable…

THEME Before 3

CVE-2023-2813

MEDIUM CVSS 6.1 2023-09-04
Threat Entry Updated 2025-04-23

CVE-2023-3992 - Before 3 Plugin

The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Before 3

CVE-2023-3992

MEDIUM CVSS 6.1 2023-08-30
Threat Entry Updated 2025-04-23

CVE-2023-4109 - Before 3 Plugin

The Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by an HTML Injection security vulnerability.

PLUGIN Before 3

CVE-2023-4109

MEDIUM CVSS 4.8 2023-08-30
Threat Entry Updated 2024-11-21

CVE-2023-2803 - Before 3 Plugin

The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Before 3

CVE-2023-2803

MEDIUM CVSS 6.1 2023-08-14
Threat Entry Updated 2024-11-21

CVE-2023-2802 - Before 3 Plugin

The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Before 3

CVE-2023-2802

MEDIUM CVSS 4.8 2023-08-14
Threat Entry Updated 2024-11-21

CVE-2023-3650 - Before 3 Plugin

The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).

PLUGIN Before 3

CVE-2023-3650

MEDIUM CVSS 4.8 2023-08-07
Threat Entry Updated 2025-04-23

CVE-2023-3245 - Before 3 Plugin

The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Before 3

CVE-2023-3245

MEDIUM CVSS 4.8 2023-07-17
Threat Entry Updated 2024-11-21

CVE-2023-3182 - Before 3 Plugin

The Membership WordPress plugin before 3.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Before 3

CVE-2023-3182

MEDIUM CVSS 6.1 2023-07-17
Threat Entry Updated 2024-11-21

CVE-2023-3131 - Before 3 Plugin

The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.

PLUGIN Before 3

CVE-2023-3131

MEDIUM CVSS 4.3 2023-07-10
Threat Entry Updated 2024-11-21

CVE-2023-3209 - Before 3 Plugin

The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.

PLUGIN Before 3

CVE-2023-3209

LOW CVSS 3.5 2023-07-10
Threat Entry Updated 2024-11-21

CVE-2023-3077 - Before 3 Plugin

The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugin's pro features, and uses the woocommerce-appointments plugin.

PLUGIN Before 3

CVE-2023-3077

CRITICAL CVSS 9.8 2023-07-10
Threat Entry Updated 2024-11-21

CVE-2023-3076 - Before 3 Plugin

The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features.

PLUGIN Before 3

CVE-2023-3076

CRITICAL CVSS 9.8 2023-07-10
Threat Entry Updated 2024-11-21

CVE-2023-2578 - Before 3 Plugin

The Buy Me a Coffee WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 3

CVE-2023-2578

MEDIUM CVSS 4.8 2023-07-10
Threat Entry Updated 2025-01-06

CVE-2023-1119 - Before 3 Plugin

The WP-Optimize WordPress plugin before 3.2.13 and the SrbTransLatin WordPress plugin before 2.4.1 use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability.

PLUGIN Before 3

CVE-2023-1119

MEDIUM CVSS 6.1 2023-07-10