Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total7
Critical1
High0
Medium6
Reset
Showing 1-7 of 7 records
Threat Entry Updated 2025-04-14

CVE-2024-11447 - Com Plugin

The Community by PeepSo – Download from PeepSo.com plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filter’ parameter in all versions up to, and including, 7.0.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Com

CVE-2024-11447

MEDIUM CVSS 6.1 2024-11-21
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-4085 - Com Plugin

The Tabellen von faustball.com plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

PLUGIN Com

CVE-2024-4085

MEDIUM CVSS 4.4 2024-05-02
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-5843 - Com Plugin

The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited, they cannot be specified arbitrarily.

PLUGIN Com

CVE-2023-5843

CRITICAL CVSS 9.0 2023-10-30
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-2272 - Com Plugin

The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Com

CVE-2023-2272

MEDIUM CVSS 6.1 2023-08-16
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-2271 - Com Plugin

The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack

PLUGIN Com

CVE-2023-2271

MEDIUM CVSS 4.3 2023-08-16
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-0058 - Com Plugin

The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

PLUGIN Com

CVE-2023-0058

MEDIUM CVSS 6.1 2023-08-16
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-38330 - Com Plugin

The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.

PLUGIN Com

CVE-2021-38330

MEDIUM CVSS 6.1 2021-09-10
Open Full Technical Breakdown
Scroll to top