Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total4
Critical0
High2
Medium2
Reset
Showing 1-4 of 4 records
Threat Entry Updated 2025-11-12

CVE-2025-11521 - Malware Scan Plugin

The Astra Security Suite – Firewall & Malware Scan plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient validation of remote URLs for zip downloads and an easily guessable key in all versions up to, and including, 0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN Malware Scan

CVE-2025-11521

HIGH CVSS 8.1 2025-11-11
Open Full Technical Breakdown
Threat Entry Updated 2025-07-31

CVE-2025-8213 - Malware Scan Plugin

The NinjaScanner – Virus & Malware scan plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'nscan_ajax_quarantine' and 'nscan_quarantine_select' functions in all versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, including files outside the WordPress root directory.

PLUGIN Malware Scan

CVE-2025-8213

HIGH CVSS 7.2 2025-07-31
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2022-3144 - Malware Scan Plugin

The Wordfence Security – Firewall & Malware Scan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 7.6.0 via a setting on the options page due to insufficient escaping on the stored value. This makes it possible for authenticated users, with administrative privileges, to inject malicious web scripts into the setting that executes whenever a user accesses a page displaying the affected setting on sites running a vulnerable version.

PLUGIN Malware Scan

CVE-2022-3144

MEDIUM CVSS 4.4 2022-09-23
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2022-0429 - Malware Scan Plugin

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability.

PLUGIN Malware Scan

CVE-2022-0429

MEDIUM CVSS 6.1 2022-03-07
Open Full Technical Breakdown
Scroll to top