
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 125 records (Critical 10, High 22, Medium 93). Showing 41-60 of 125 records.
Threat Entry Updated 2025-04-07

CVE-2024-0902 - Before 6 Plugin

The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Before 6

CVE-2024-0902

MEDIUM CVSS 4.8 2024-04-15
Threat Entry Updated 2025-05-05

CVE-2024-0365 - Before 6 Plugin

The Fancy Product Designer WordPress plugin before 6.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by administrators.

PLUGIN Before 6

CVE-2024-0365

MEDIUM CVSS 6.5 2024-03-18
Threat Entry Updated 2025-05-05

CVE-2024-0973 - Before 6 Plugin

The Widget for Social Page Feeds WordPress plugin before 6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Before 6

CVE-2024-0973

MEDIUM CVSS 6.1 2024-03-18
Threat Entry Updated 2025-03-26

CVE-2024-0250 - Before 6 Plugin

The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

PLUGIN Before 6

CVE-2024-0250

MEDIUM CVSS 6.1 2024-02-12
Threat Entry Updated 2025-05-22

CVE-2024-0187 - Before 6 Plugin

The Community by PeepSo WordPress plugin before 6.3.1.2 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Before 6

CVE-2024-0187

MEDIUM CVSS 6.1 2024-01-16
Threat Entry Updated 2025-06-17

CVE-2023-7125 - Before 6 Plugin

The Community by PeepSo WordPress plugin before 6.3.1.2 does not have a CSRF check when creating a user post (visible on their wall in their profile page), which could allow attackers to make logged-in users perform such an action via a CSRF attack.

PLUGIN Before 6

CVE-2023-7125

MEDIUM CVSS 4.3 2024-01-16
Threat Entry Updated 2025-06-02

CVE-2023-6292 - Before 6 Plugin

The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN Before 6

CVE-2023-6292

MEDIUM CVSS 4.3 2024-01-16
Threat Entry Updated 2025-06-11

CVE-2023-1405 - Before 6 Plugin

The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present.

PLUGIN Before 6

CVE-2023-1405

HIGH CVSS 7.5 2024-01-16
Threat Entry Updated 2025-06-03

CVE-2023-6528 - Before 6 Plugin

The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution.

PLUGIN Before 6

CVE-2023-6528

HIGH CVSS 8.8 2024-01-08
Threat Entry Updated 2024-11-21

CVE-2023-6166 - Before 6 Plugin

The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.

PLUGIN Before 6

CVE-2023-6166

MEDIUM CVSS 6.1 2023-12-26
Threat Entry Updated 2024-11-21

CVE-2023-6155 - Before 6 Plugin

The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses.

PLUGIN Before 6

CVE-2023-6155

MEDIUM CVSS 5.3 2023-12-26
Threat Entry Updated 2024-11-21

CVE-2023-6203 - Before 6 Plugin

The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request.

PLUGIN Before 6

CVE-2023-6203

HIGH CVSS 7.5 2023-12-18
Threat Entry Updated 2025-05-27

CVE-2023-5907 - Before 6 Plugin

The File Manager WordPress plugin before 6.3 does not restrict the file manager's root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the site's files.

PLUGIN Before 6

CVE-2023-5907

MEDIUM CVSS 6.5 2023-12-11
Threat Entry Updated 2025-03-24

CVE-2023-5355 - Before 6 Plugin

The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server.

PLUGIN Before 6

CVE-2023-5355

HIGH CVSS 8.1 2023-11-06
Threat Entry Updated 2025-02-26

CVE-2023-5354 - Before 6 Plugin

The Awesome Support WordPress plugin before 6.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Before 6

CVE-2023-5354

MEDIUM CVSS 6.1 2023-11-06
Threat Entry Updated 2025-02-26

CVE-2023-5352 - Before 6 Plugin

The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission.

PLUGIN Before 6

CVE-2023-5352

MEDIUM CVSS 4.3 2023-11-06
Threat Entry Updated 2025-04-22

CVE-2023-5211 - Before 6 Plugin

The Fattura24 WordPress plugin before 6.2.8 does not sanitize or escape the 'id' parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability.

PLUGIN Before 6

CVE-2023-5211

MEDIUM CVSS 6.1 2023-10-31
Threat Entry Updated 2025-04-23

CVE-2023-4971 - Before 6 Plugin

The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injection issues when a high privilege user imports a malicious file and a suitable gadget chain is present on the blog.

PLUGIN Before 6

CVE-2023-4971

HIGH CVSS 7.2 2023-10-16
Threat Entry Updated 2024-11-21

CVE-2023-2877 - Before 6 Plugin

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution.

PLUGIN Before 6

CVE-2023-2877

HIGH CVSS 8.8 2023-06-27
Threat Entry Updated 2025-01-03

CVE-2023-1323 - Before 6 Plugin

The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its form parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Before 6

CVE-2023-1323

MEDIUM CVSS 4.8 2023-06-12