Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-01-16
CVE-2024-1388 - Changeset Theme
The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_customizer_options() function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset the theme's settings.
THEME
Changeset
CVE-2024-1388
Risk Score
Threat Entry
Updated 2025-01-07
CVE-2024-1912 - Changeset Plugin
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers to update the folder position of categories as well as update the metadata of other taxonomies via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Changeset
CVE-2024-1912
Risk Score
Threat Entry
Updated 2025-01-07
CVE-2024-1910 - Changeset Plugin
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Changeset
CVE-2024-1910
Risk Score
Threat Entry
Updated 2025-01-07
CVE-2024-1909 - Changeset Plugin
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for unauthenticated attackers to rename categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Changeset
CVE-2024-1909
Risk Score
Threat Entry
Updated 2025-01-07
CVE-2024-1907 - Changeset Plugin
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This makes it possible for unauthenticated attackers to delete categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Changeset
CVE-2024-1907
Risk Score
Threat Entry
Updated 2025-01-07
CVE-2024-1906 - Changeset Plugin
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to add categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Changeset
CVE-2024-1906
Risk Score
Threat Entry
Updated 2025-01-07
CVE-2024-1653 - Changeset Plugin
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the folder position of categories as well as update the metadata of other taxonomies.
PLUGIN
Changeset
CVE-2024-1653
Risk Score
Threat Entry
Updated 2025-01-07
CVE-2024-1652 - Changeset Plugin
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to clear categories.
PLUGIN
Changeset
CVE-2024-1652
Risk Score
Threat Entry
Updated 2025-01-07
CVE-2024-1650 - Changeset Plugin
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to rename categories.
PLUGIN
Changeset
CVE-2024-1650
Risk Score
Threat Entry
Updated 2025-01-07
CVE-2024-1649 - Changeset Plugin
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete categories.
PLUGIN
Changeset
CVE-2024-1649
Risk Score
Threat Entry
Updated 2025-03-10
CVE-2024-1698 - Changeset Plugin
The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
PLUGIN
Changeset
CVE-2024-1698
Risk Score
Threat Entry
Updated 2025-01-15
CVE-2024-1686 - Changeset Plugin
The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to missing authorization e in all versions up to, and including, 1.1.2 via the apply_layout function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve arbitrary order data which may contain PII.
PLUGIN
Changeset
CVE-2024-1686
Risk Score
Threat Entry
Updated 2025-01-16
CVE-2024-1323 - Changeset Plugin
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Changeset
CVE-2024-1323
Risk Score
Threat Entry
Updated 2025-01-16
CVE-2024-1165 - Changeset Plugin
The Brizy – Page Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.39 via the 'id'. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files to arbitrary locations on the server
PLUGIN
Changeset
CVE-2024-1165
Risk Score
Threat Entry
Updated 2025-02-05
CVE-2023-5775 - Changeset Plugin
The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with administrator-level access, to retrieve the password from the password input field in the UI or from the options table where the password is stored.
PLUGIN
Changeset
CVE-2023-5775
Risk Score
Threat Entry
Updated 2025-01-15
CVE-2024-1362 - Changeset Plugin
The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the cp_shortcode_refresh() function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Changeset
CVE-2024-1362
Risk Score
Threat Entry
Updated 2025-01-15
CVE-2024-1361 - Changeset Plugin
The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the apiCall() function. This makes it possible for unauthenticated attackers to call a limited set of functions that can be used to import images, delete posts, or save theme data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Changeset
CVE-2024-1361
Risk Score
Threat Entry
Updated 2025-02-05
CVE-2024-1360 - Changeset Theme
The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwp_install_plugin() function. This makes it possible for unauthenticated attackers to install recommended plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
THEME
Changeset
CVE-2024-1360
Risk Score
Threat Entry
Updated 2025-02-07
CVE-2024-1053 - Changeset Plugin
The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to email the attendees list to themselves.
PLUGIN
Changeset
CVE-2024-1053
Risk Score
Threat Entry
Updated 2025-01-31
CVE-2024-0593 - Changeset Plugin
The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information.
PLUGIN
Changeset
CVE-2024-0593
Risk Score