
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total 276 records: Critical 15, High 50, Medium 205
Showing 121-140 of 276 records
CVE-2023-3170 - Before 4 Plugin (Threat Entry Updated 2024-11-21)

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

MEDIUM CVSS 4.8 2023-09-11
CVE-2023-4254 - Before 4 Plugin (Threat Entry Updated 2025-05-12)

The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

MEDIUM CVSS 4.8 2023-09-04
CVE-2023-4253 - Before 4 Plugin (Threat Entry Updated 2025-05-12)

The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

MEDIUM CVSS 4.8 2023-09-04
CVE-2023-4013 - Before 4 Plugin (Threat Entry Updated 2025-04-23)

The GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin before 4.12.5 does not have proper CSRF checks when managing its license, which could allow attackers to make logged-in admins update and deactivate the plugin's license via CSRF attacks.

MEDIUM CVSS 6.5 2023-08-30
CVE-2023-4150 - Before 4 Plugin (Threat Entry Updated 2025-04-23)

The User Activity Tracking and Log WordPress plugin before 4.0.9 does not have proper CSRF checks when managing its license, which could allow attackers to make logged-in admins update and deactivate the plugin's license via CSRF attacks.

MEDIUM CVSS 4.3 2023-08-30
CVE-2023-1465 - Before 4 Plugin (Threat Entry Updated 2025-05-05)

The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin.

MEDIUM CVSS 6.1 2023-08-16
CVE-2023-3175 - Before 4 Plugin (Threat Entry Updated 2025-05-12)

The AI ChatBot WordPress plugin before 4.6.1 does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

MEDIUM CVSS 4.8 2023-07-10
CVE-2023-3118 - Before 4 Plugin (Threat Entry Updated 2025-04-23)

The Export All URLs WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue which could be used against high privilege users such as admin.

MEDIUM CVSS 6.1 2023-07-10
CVE-2023-1780 - Before 4 Plugin (Threat Entry Updated 2024-11-21)

The Companion Sitemap Generator WordPress plugin before 4.5.3 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

MEDIUM CVSS 6.1 2023-07-10
CVE-2023-3139 - Before 4 Plugin (Threat Entry Updated 2024-11-21)

The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered.

MEDIUM CVSS 6.1 2023-07-04
CVE-2023-2811 - Before 4 Plugin (Threat Entry Updated 2025-05-12)

The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against all admins when configuring the chatbot and against all clients when using the chatbot.

MEDIUM CVSS 4.8 2023-06-19
CVE-2023-2742 - Before 4 Plugin (Threat Entry Updated 2025-05-12)

The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

MEDIUM CVSS 4.8 2023-06-19
CVE-2023-2362 - Before 4 Plugin (Threat Entry Updated 2025-05-05)

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to…

MEDIUM CVSS 6.1 2023-06-12
CVE-2023-0812 - Before 4 Plugin (Threat Entry Updated 2025-01-24)

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure.

HIGH CVSS 7.5 2023-05-15
CVE-2023-1596 - Before 4 Plugin (Threat Entry Updated 2025-01-24)

The tagDiv Composer WordPress plugin before 4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue which could be used against high privilege users such as admin.

MEDIUM CVSS 6.1 2023-05-15
CVE-2023-1660 - Before 4 Plugin (Threat Entry Updated 2025-05-12)

The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF checks in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard.

MEDIUM CVSS 6.1 2023-05-08
CVE-2023-1650 - Before 4 Plugin (Threat Entry Updated 2025-05-12)

The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog.

CRITICAL CVSS 9.8 2023-05-08
CVE-2023-1011 - Before 4 Plugin (Threat Entry Updated 2025-05-12)

The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged-in admin set XSS payloads in them.

MEDIUM CVSS 6.1 2023-05-08
CVE-2023-1651 - Before 4 Plugin (Threat Entry Updated 2025-05-12)

The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF checks in the AJAX action responsible for updating the OpenAI settings, allowing any authenticated user, such as a subscriber, to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to Stored XSS.

MEDIUM CVSS 5.4 2023-05-08
CVE-2023-1649 - Before 4 Plugin (Threat Entry Updated 2025-05-12)

The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and escape numerous settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

MEDIUM CVSS 4.8 2023-05-08