
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 125 (Critical: 10, High: 22, Medium: 93)
Showing 61-80 of 125 records
Threat Entry Updated 2025-01-08

CVE-2023-2571 - Before 6 Plugin

The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privilege users such as admin.

PLUGIN Before 6

CVE-2023-2571

MEDIUM CVSS 6.1 2023-06-05
Threat Entry Updated 2025-01-10

CVE-2023-2518 - Before 6 Plugin

The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Before 6

CVE-2023-2518

MEDIUM CVSS 6.1 2023-05-30
Threat Entry Updated 2026-03-06

CVE-2023-0600 - Before 6 Plugin

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.

PLUGIN Before 6

CVE-2023-0600

CRITICAL CVSS 9.8 2023-05-15
Threat Entry Updated 2025-03-21

CVE-2023-1809 - Before 6 Plugin

The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files.

PLUGIN Before 6

CVE-2023-1809

HIGH CVSS 7.5 2023-05-02
Threat Entry Updated 2025-01-30

CVE-2023-1669 - Before 6 Plugin

The SEOPress WordPress plugin before 6.5.0.3 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.

PLUGIN Before 6

CVE-2023-1669

HIGH CVSS 7.2 2023-05-02
Threat Entry Updated 2025-01-30

CVE-2023-1525 - Before 6 Plugin

The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 6

CVE-2023-1525

MEDIUM CVSS 4.8 2023-05-02
Threat Entry Updated 2025-02-04

CVE-2023-1324 - Before 6 Plugin

The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin.

PLUGIN Before 6

CVE-2023-1324

MEDIUM CVSS 6.1 2023-04-24
Threat Entry Updated 2025-02-04

CVE-2023-0276 - Before 6 Plugin

The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 6

CVE-2023-0276

MEDIUM CVSS 5.4 2023-04-24
Threat Entry Updated 2025-03-05

CVE-2023-1325 - Before 6 Plugin

The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 6

CVE-2023-1325

MEDIUM CVSS 5.4 2023-04-17
Threat Entry Updated 2025-02-19

CVE-2023-1093 - Before 6 Plugin

The OAuth Single Sign On WordPress plugin before 6.24.2 does not have CSRF checks when discarding Identity Providers (IdPs), which could allow attackers to make logged-in admins delete all IdPs via a CSRF attack.

PLUGIN Before 6

CVE-2023-1093

MEDIUM CVSS 6.5 2023-03-27
Threat Entry Updated 2025-02-19

CVE-2023-1092 - Before 6 Plugin

The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin before 48.4.9 do not have CSRF checks when deleting Identity Providers (IdPs), which could allow attackers to make logged-in admins delete arbitrary IdPs via a CSRF attack.

PLUGIN Before 6

CVE-2023-1092

MEDIUM CVSS 6.5 2023-03-27
Threat Entry Updated 2025-02-19

CVE-2023-0816 - Before 6 Plugin

The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections.

PLUGIN Before 6

CVE-2023-0816

MEDIUM CVSS 6.5 2023-03-27
Threat Entry Updated 2025-02-18

CVE-2023-1069 - Before 6 Plugin

The Complianz WordPress plugin before 6.4.2 and the Complianz Premium WordPress plugin before 6.4.2 do not validate and escape some of their shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 6

CVE-2023-1069

MEDIUM CVSS 5.4 2023-03-27
Threat Entry Updated 2025-04-23

CVE-2023-1400 - Before 6 Plugin

The Modern Events Calendar Lite WordPress plugin before 6.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 6

CVE-2023-1400

MEDIUM CVSS 4.8 2023-03-27
Threat Entry Updated 2025-02-26

CVE-2023-1025 - Before 6 Plugin

The Simple File List WordPress plugin before 6.0.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 6

CVE-2023-1025

MEDIUM CVSS 4.8 2023-03-27
Threat Entry Updated 2025-05-07

CVE-2022-3246 - Before 6 Plugin

The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated user, such as a subscriber.

PLUGIN Before 6

CVE-2022-3246

HIGH CVSS 8.8 2022-10-25
Threat Entry Updated 2025-05-09

CVE-2022-3247 - Before 6 Plugin

The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated user, such as a subscriber, could perform SSRF attacks.

PLUGIN Before 6

CVE-2022-3247

MEDIUM CVSS 6.5 2022-10-25
Threat Entry Updated 2025-05-14

CVE-2022-3243 - Before 6 Plugin

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using it in SQL statements, leading to SQL injection exploitable by high-privilege users such as admin.

PLUGIN Before 6

CVE-2022-3243

HIGH CVSS 7.2 2022-10-17
Threat Entry Updated 2025-05-13

CVE-2022-3244 - Before 6 Plugin

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated user to access some of the plugin features if they manage to get the related nonce.

PLUGIN Before 6

CVE-2022-3244

MEDIUM CVSS 4.2 2022-10-17
Threat Entry Updated 2024-11-21

CVE-2022-2361 - Before 6 Plugin

The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 6

CVE-2022-2361

MEDIUM CVSS 4.8 2022-08-22