Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total23
Critical1
High2
Medium20
Reset
Showing 21-23 of 23 records
Threat Entry Updated 2024-11-21

CVE-2022-0784 - Before 9 Plugin

The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection

PLUGIN Before 9

CVE-2022-0784

CRITICAL CVSS 9.8 2022-03-28
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-25031 - Before 9 Plugin

The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting

PLUGIN Before 9

CVE-2021-25031

MEDIUM CVSS 6.1 2022-01-24
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24374 - Before 9 Plugin

The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked.

PLUGIN Before 9

CVE-2021-24374

MEDIUM CVSS 5.3 2021-06-21
Open Full Technical Breakdown
Scroll to top