Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total4
Critical0
High0
Medium4
Reset
Showing 1-4 of 4 records
Threat Entry Updated 2025-06-11

CVE-2024-5440 - If So Dynamic Content Personalization Plugin

The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN If So Dynamic Content Personalization

CVE-2024-5440

MEDIUM CVSS 5.4 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-10796 - If So Dynamic Content Personalization Plugin

The If-So Dynamic Content Personalization plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.2.1 via the 'ifso-show-post' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created via Elementor that they should not have access to.

PLUGIN If So Dynamic Content Personalization

CVE-2024-10796

MEDIUM CVSS 4.3 2024-11-21
Open Full Technical Breakdown
Threat Entry Updated 2025-05-20

CVE-2024-5713 - If So Dynamic Content Personalization Plugin

The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

PLUGIN If So Dynamic Content Personalization

CVE-2024-5713

MEDIUM CVSS 5.4 2024-07-13
Open Full Technical Breakdown
Threat Entry Updated 2025-05-16

CVE-2024-6070 - If So Dynamic Content Personalization Plugin

The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN If So Dynamic Content Personalization

CVE-2024-6070

MEDIUM CVSS 4.8 2024-07-13
Open Full Technical Breakdown
Scroll to top