Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 116
Critical: 2
High: 25
Medium: 84
Showing 21-40 of 116 records

Threat Entry Updated 2025-05-23

CVE-2024-13492 - Through 0 Plugin

The Guten Free Options WordPress plugin through 0.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 0

CVE-2024-13492

MEDIUM CVSS 6.1 2025-02-07

Threat Entry Updated 2025-05-23

CVE-2025-0522 - Through 0 Plugin

The LikeBot WordPress plugin through 0.85 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Through 0

CVE-2025-0522

MEDIUM CVSS 4.7 2025-02-06

Threat Entry Updated 2025-05-07

CVE-2025-0368 - Through 0 Plugin

The Banner Garden Plugin for WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users.

PLUGIN Through 0

CVE-2025-0368

MEDIUM CVSS 6.1 2025-02-04

Threat Entry Updated 2025-05-13

CVE-2024-13330 - Through 0 Plugin

The JustRows free WordPress plugin through 0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Through 0

CVE-2024-13330

HIGH CVSS 7.1 2025-02-04

Threat Entry Updated 2025-05-07

CVE-2024-13329 - Through 0 Plugin

The Solidres WordPress plugin through 0.9.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Through 0

CVE-2024-13329

HIGH CVSS 7.1 2025-02-04

Threat Entry Updated 2025-05-07

CVE-2024-13326 - Through 0 Plugin

The iBuildApp WordPress plugin through 0.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Through 0

CVE-2024-13326

MEDIUM CVSS 6.1 2025-02-04

Threat Entry Updated 2025-06-12

CVE-2024-12736 - Through 0 Plugin

The BU Section Editing WordPress plugin through 0.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 0

CVE-2024-12736

MEDIUM CVSS 6.1 2025-01-09

Threat Entry Updated 2025-05-17

CVE-2024-12715 - Through 0 Plugin

The Asgard Security Scanner WordPress plugin through 0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 0

CVE-2024-12715

MEDIUM CVSS 6.1 2025-01-09

Threat Entry Updated 2025-05-17

CVE-2024-12714 - Through 0 Plugin

The Backlink Monitoring Manager WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 0

CVE-2024-12714

MEDIUM CVSS 6.1 2025-01-09

Threat Entry Updated 2025-06-24

CVE-2024-11184 - Through 0 Plugin

The wp-enable-svg WordPress plugin through 0.7 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts

PLUGIN Through 0

CVE-2024-11184

MEDIUM CVSS 4.8 2025-01-02

Threat Entry Updated 2025-05-14

CVE-2024-11644 - Through 0 Plugin

The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 0

CVE-2024-11644

MEDIUM CVSS 5.9 2024-12-27

Threat Entry Updated 2025-05-14

CVE-2024-12096 - Through 0 Plugin

The Exhibit to WP Gallery WordPress plugin through 0.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 0

CVE-2024-12096

MEDIUM CVSS 6.1 2024-12-24

Threat Entry Updated 2024-09-27

CVE-2024-8093 - Through 0 Plugin

The Posts reminder WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

PLUGIN Through 0

CVE-2024-8093

MEDIUM CVSS 6.5 2024-09-17

Threat Entry Updated 2024-09-27

CVE-2024-8091 - Through 0 Plugin

The Enhanced Search Box WordPress plugin through 0.6.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

PLUGIN Through 0

CVE-2024-8091

MEDIUM CVSS 6.5 2024-09-17

Threat Entry Updated 2024-09-27

CVE-2024-8043 - Through 0 Plugin

The Vikinghammer Tweet WordPress plugin through 0.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Through 0

CVE-2024-8043

MEDIUM CVSS 5.4 2024-09-17

Threat Entry Updated 2024-09-27

CVE-2024-5170 - Through 0 Plugin

The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Through 0

CVE-2024-5170

MEDIUM CVSS 4.8 2024-09-17

Threat Entry Updated 2024-09-30

CVE-2024-7862 - Through 0 Plugin

The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

PLUGIN Through 0

CVE-2024-7862

MEDIUM CVSS 6.5 2024-09-12

Threat Entry Updated 2024-09-27

CVE-2024-8056 - Through 0 Plugin

The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

PLUGIN Through 0

CVE-2024-8056

MEDIUM CVSS 6.1 2024-09-12

Threat Entry Updated 2024-09-27

CVE-2024-8054 - Through 0 Plugin

The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Through 0

CVE-2024-8054

MEDIUM CVSS 6.1 2024-09-12

Threat Entry Updated 2024-10-07

CVE-2024-7688 - Through 0 Plugin

The AZIndex WordPress plugin through 0.8.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin delete arbitrary indexes via a CSRF attack

PLUGIN Through 0

CVE-2024-7688

MEDIUM CVSS 6.5 2024-09-09