Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total4
Critical0
High1
Medium3
Reset
Showing 1-4 of 4 records
Threat Entry Updated 2024-11-21

CVE-2024-5330 - Breakdance Plugin

The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the breakdance_css_file_paths_cache parameter in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Breakdance

CVE-2024-5330

MEDIUM CVSS 6.4 2024-08-01
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-5331 - Breakdance Plugin

The Breakdance plugin for WordPress is vulnerable to unauthorized access of data in all versions up to, and including, 1.7.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to export form submissions.

PLUGIN Breakdance

CVE-2024-5331

MEDIUM CVSS 4.3 2024-08-01
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-4605 - Breakdance Plugin

The Breakdance plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.7.1 via post meta data. This is due to the plugin storing custom data in metadata without an underscore prefix. This makes it possible for lower privileged users, such as contributors, to edit this data via UI. As a result they can escalate their privileges or execute arbitrary code.

PLUGIN Breakdance

CVE-2024-4605

HIGH CVSS 8.8 2024-05-14
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-6854 - Breakdance Plugin

The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom postmeta output in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping on user supplied post meta fields. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Breakdance

CVE-2023-6854

MEDIUM CVSS 6.4 2024-05-06
Open Full Technical Breakdown
Scroll to top