"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 443
Critical: 34
High: 82
Medium: 311
Showing 101-120 of 443 records
Threat Entry Updated 2025-03-18

CVE-2024-5529 - Before 3 Plugin

The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 3

CVE-2024-5529

MEDIUM CVSS 4.8 2024-07-22
Threat Entry Updated 2025-05-13

CVE-2024-5472 - Before 3 Plugin

The WP QuickLaTeX WordPress plugin before 3.8.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 3

CVE-2024-5472

HIGH CVSS 7.1 2024-07-13
Threat Entry Updated 2025-05-13

CVE-2024-5575 - Before 3 Plugin

The Ditty WordPress plugin before 3.1.43 does not sanitise and escape some of its blocks' settings, which could allow high privilege users such as authors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

PLUGIN Before 3

CVE-2024-5575

MEDIUM CVSS 4.7 2024-07-13
Threat Entry Updated 2025-05-13

CVE-2024-5442 - Before 3 Plugin

The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 3

CVE-2024-5442

MEDIUM CVSS 5.9 2024-07-13
Threat Entry Updated 2025-05-13

CVE-2024-3964 - Before 3 Plugin

The Product Enquiry for WooCommerce WordPress plugin before 3.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Before 3

CVE-2024-3964

MEDIUM CVSS 5.9 2024-07-13
Threat Entry Updated 2025-05-13

CVE-2024-3710 - Before 3 Plugin

The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin

PLUGIN Before 3

CVE-2024-3710

MEDIUM CVSS 6.8 2024-07-13
Threat Entry Updated 2025-05-13

CVE-2024-3751 - Before 3 Plugin

The Seriously Simple Podcasting WordPress plugin before 3.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Before 3

CVE-2024-3751

MEDIUM CVSS 4.8 2024-07-13
Threat Entry Updated 2024-11-21

CVE-2024-5626 - Before 3 Plugin

The Inline Related Posts WordPress plugin before 3.7.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Before 3

CVE-2024-5626

MEDIUM CVSS 6.1 2024-07-12
Threat Entry Updated 2024-11-21

CVE-2024-2640 - Before 3 Plugin

The Watu Quiz WordPress plugin before 3.4.1.2 does not sanitise and escape some of its settings, which could allow users such as authors (if they've been authorized by admins) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PLUGIN Before 3

CVE-2024-2640

MEDIUM CVSS 5.4 2024-07-12
Threat Entry Updated 2024-11-21

CVE-2024-4655 - Before 3 Plugin

The Ultimate Blocks WordPress plugin before 3.1.9 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 3

CVE-2024-4655

MEDIUM CVSS 5.4 2024-07-11
Threat Entry Updated 2024-11-21

CVE-2024-4664 - Before 3 Plugin

The WP Chat App WordPress plugin before 3.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

PLUGIN Before 3

CVE-2024-4664

MEDIUM CVSS 4.8 2024-06-27
Threat Entry Updated 2025-03-26

CVE-2024-4149 - Before 3 Plugin

The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 3

CVE-2024-4149

MEDIUM CVSS 4.8 2024-06-13
Threat Entry Updated 2024-11-21

CVE-2024-4145 - Before 3 Plugin

The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks (such as within a multi-site network).

PLUGIN Before 3

CVE-2024-4145

HIGH CVSS 7.2 2024-06-13
Threat Entry Updated 2025-05-30

CVE-2024-4924 - Before 3 Plugin

The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Before 3

CVE-2024-4924

MEDIUM CVSS 6.1 2024-06-12
Threat Entry Updated 2025-05-21

CVE-2024-4057 - Before 3 Plugin

The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.37 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 3

CVE-2024-4057

MEDIUM CVSS 6.1 2024-06-04
Threat Entry Updated 2025-05-21

CVE-2024-4469 - Before 3 Plugin

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from conducting SSRF attacks, which may be a problem in multisite configurations.

PLUGIN Before 3

CVE-2024-4469

HIGH CVSS 7.5 2024-05-31
Threat Entry Updated 2025-05-21

CVE-2024-3939 - Before 3 Plugin

The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Before 3

CVE-2024-3939

MEDIUM CVSS 5.4 2024-05-27
Threat Entry Updated 2025-05-21

CVE-2024-2744 - Before 3 Plugin

The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

PLUGIN Before 3

CVE-2024-2744

MEDIUM CVSS 4.3 2024-05-17
Threat Entry Updated 2025-05-14

CVE-2024-3241 - Before 3 Plugin

The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 3

CVE-2024-3241

MEDIUM CVSS 5.4 2024-05-14
Threat Entry Updated 2026-01-09

CVE-2023-5971 - Before 3 Plugin

The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Before 3

CVE-2023-5971

MEDIUM CVSS 4.8 2024-05-14