Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 116 (Critical: 2, High: 25, Medium: 84)
Showing 41-60 of 116 records
Threat Entry Updated 2024-10-07

CVE-2024-7918 - Pocket Widget plugin through 0.1.3

The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN

MEDIUM CVSS 4.8 2024-09-09
Threat Entry Updated 2024-10-07

CVE-2024-7687 - AZIndex plugin through 0.8.1

The AZIndex WordPress plugin through 0.8.1 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN

MEDIUM CVSS 4.3 2024-09-09
Threat Entry Updated 2024-09-11

CVE-2024-6859 - WP MultiTasking plugin through 0.1.12

The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in the page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN

MEDIUM CVSS 5.4 2024-09-08
Threat Entry Updated 2024-09-11

CVE-2024-6856 - WP MultiTasking plugin through 0.1.12

The WP MultiTasking WordPress plugin through 0.1.12 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN

MEDIUM CVSS 4.3 2024-09-08
Threat Entry Updated 2024-09-11

CVE-2024-6855 - WP MultiTasking plugin through 0.1.12

The WP MultiTasking WordPress plugin through 0.1.12 does not have a CSRF check when updating exit popups, which could allow attackers to make logged-in admins perform such an action via a CSRF attack.

PLUGIN

MEDIUM CVSS 4.3 2024-09-08
Threat Entry Updated 2024-09-11

CVE-2024-6853 - WP MultiTasking plugin through 0.1.12

The WP MultiTasking WordPress plugin through 0.1.12 does not have a CSRF check when updating welcome popups, which could allow attackers to make logged-in admins perform such an action via a CSRF attack.

PLUGIN

MEDIUM CVSS 4.3 2024-09-08
Threat Entry Updated 2024-09-11

CVE-2024-6852 - WP MultiTasking plugin through 0.1.12

The WP MultiTasking WordPress plugin through 0.1.12 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN

MEDIUM CVSS 4.3 2024-09-08
Threat Entry Updated 2024-12-26

CVE-2024-5444 - Bible Text plugin through 0.2

The Bible Text WordPress plugin through 0.2 does not validate and escape some of its shortcode attributes before outputting them back in the page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN

MEDIUM CVSS 5.4 2024-07-11
Threat Entry Updated 2024-11-21

CVE-2024-5767 - sitetweet plugin through 0.2

The sitetweet WordPress plugin through 0.2 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN

HIGH CVSS 8.8 2024-07-02
Threat Entry Updated 2025-05-19

CVE-2024-5570 - Simple Photoswipe plugin through 0.1

The Simple Photoswipe WordPress plugin through 0.1 does not have an authorisation check when updating its settings, which could allow any authenticated user, such as a subscriber, to update them.

PLUGIN

MEDIUM CVSS 6.5 2024-06-28
Threat Entry Updated 2025-05-19

CVE-2024-5473 - Simple Photoswipe plugin through 0.1

The Simple Photoswipe WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN

MEDIUM CVSS 4.0 2024-06-26
Threat Entry Updated 2025-05-19

CVE-2024-4757 - Logo Manager For Enamad plugin through 0.7.0

The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN

HIGH CVSS 8.1 2024-06-25
Threat Entry Updated 2025-05-19

CVE-2024-4759 - Mime Types Extended plugin through 0.11

The Mime Types Extended WordPress plugin through 0.11 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

PLUGIN

MEDIUM CVSS 5.5 2024-06-25
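WordPress core does not accept SVG uploads at all by default, precisely because an SVG is an XML document that can carry script, event handlers and external references. A plugin that adds the type to the allowed list, as the entry above describes, takes on the job of sanitising it. The following is an added example of an upload-time check, not code from the Mime Types Extended plugin: it hooks the core wp_handle_upload_prefilter filter and rejects any SVG with active content. The function names and the element deny-list are assumptions; the list covers the common script vectors but is not a substitute for a maintained SVG sanitiser.

```php
<?php
// Added example, not code from the plugin in this listing. Function names and
// the deny-list of elements are assumptions made for illustration.

/**
 * Runs before the uploaded file is moved into wp-content/uploads. Setting
 * $file['error'] to a message makes WordPress abort the upload with that message.
 */
function ex_svg_upload_prefilter( $file ) {
    $type = wp_check_filetype( $file['name'] );
    if ( 'svg' !== $type['ext'] && 'image/svg+xml' !== $file['type'] ) {
        return $file; // not an SVG, leave it to the normal checks
    }
    $xml = file_get_contents( $file['tmp_name'] );
    if ( false === $xml || ! ex_svg_is_passive( $xml ) ) {
        $file['error'] = 'SVG rejected: scripts, event handlers, DOCTYPEs, external references or foreign content are not allowed.';
    }
    return $file;
}
add_filter( 'wp_handle_upload_prefilter', 'ex_svg_upload_prefilter' );

/**
 * True only if the document parses as XML, has <svg> as its root, and contains
 * nothing that runs or loads code. Any parse failure is treated as a rejection.
 */
function ex_svg_is_passive( $xml ) {
    $prev = libxml_use_internal_errors( true );
    $doc  = new DOMDocument();
    // LIBXML_NONET: never fetch external DTDs or entities. LIBXML_NOENT is
    // deliberately NOT set, so entity expansion (XXE) cannot happen here.
    $ok = $doc->loadXML( $xml, LIBXML_NONET | LIBXML_NOCDATA );
    libxml_clear_errors();
    libxml_use_internal_errors( $prev );

    if ( ! $ok || ! $doc->documentElement || 'svg' !== strtolower( $doc->documentElement->localName ) ) {
        return false;
    }
    if ( $doc->doctype ) {
        return false; // a DOCTYPE can define entities; plain SVG does not need one
    }

    // Elements that execute script, embed foreign documents or pull in other content.
    $banned = array( 'script', 'foreignobject', 'iframe', 'embed', 'object', 'use', 'animate', 'set' );

    foreach ( $doc->getElementsByTagName( '*' ) as $el ) {
        if ( in_array( strtolower( $el->localName ), $banned, true ) ) {
            return false;
        }
        foreach ( $el->attributes as $attr ) {
            $name  = strtolower( $attr->localName );   // xlink:href has localName "href"
            $value = strtolower( trim( $attr->value ) );
            // on* attributes (onload, onclick, ...) are event handlers.
            if ( 0 === strpos( $name, 'on' ) ) {
                return false;
            }
            // href pointing at a script-bearing URI scheme or at an external host.
            if ( 'href' === $name && preg_match( '#^(javascript|data|vbscript):|^https?://#i', $value ) ) {
                return false;
            }
        }
    }
    return true;
}
```

The check is deliberately a reject-on-doubt filter rather than a rewriter: an SVG that trips any rule is refused whole, so a bypass in one rule cannot be partially "cleaned" into something that still executes. Rejecting rather than stripping also keeps the behaviour predictable for the Author-level uploaders the advisory mentions, who never had a legitimate reason to upload scripted SVGs.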
Threat Entry Updated 2025-03-26

CVE-2024-4382 - CB (legacy) plugin through 0.9.4.18

The CB (legacy) WordPress plugin through 0.9.4.18 does not have CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting codes, timeframes, and bookings, via CSRF attacks.

PLUGIN

MEDIUM CVSS 6.5 2024-06-21
Threat Entry Updated 2025-03-13

CVE-2024-4381 - CB (legacy) plugin through 0.9.4.18

The CB (legacy) WordPress plugin through 0.9.4.18 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN

MEDIUM CVSS 4.8 2024-06-21
Threat Entry Updated 2024-11-21

CVE-2024-3978 - WordPress Jitsi Shortcode plugin through 0.1

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in the page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN

MEDIUM CVSS 5.4 2024-06-14
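The shortcode entries in this listing (CVE-2024-6859, CVE-2024-5444 and CVE-2024-3978 above) share one root cause: a contributor cannot post raw HTML, because that role lacks unfiltered_html, but can place a shortcode in a post, and whatever the handler echoes from the shortcode's attributes reaches every visitor of the published page. The following is an added example, not code from any of those plugins: the pattern the advisories describe beside a hardened handler. The shortcode tag, its attributes and the function names are assumptions.

```php
<?php
// Added example, not code from the plugins in this listing. The tag "ex_gallery",
// its attributes and the function names are assumptions.

// ---- The pattern the advisories describe (deliberately vulnerable, do not use) ----
function ex_gallery_shortcode_vulnerable( $atts ) {
    // A contributor writes [ex_gallery width='1"><script>...</script>' src="javascript:..."]
    // into a post; nothing here validates or escapes, so the markup is stored and
    // rendered to every visitor, including administrators.
    return '<div class="ex-gallery" style="width:' . $atts['width'] . '" data-src="' . $atts['src'] . '">'
         . $atts['caption'] . '</div>';
}

// ---- Hardened version ----
function ex_gallery_shortcode( $atts ) {
    // shortcode_atts() keeps only the keys in the defaults array, so unknown
    // attributes (onload, style, ...) are dropped before they can be output.
    $atts = shortcode_atts(
        array(
            'width'   => '100',
            'src'     => '',
            'caption' => '',
        ),
        $atts,
        'ex_gallery'
    );

    // Validate by type first: a width is a bounded integer, not free text.
    $width = absint( $atts['width'] );
    if ( $width < 1 || $width > 2000 ) {
        $width = 100;
    }
    // esc_url() returns '' for javascript:, data: and other non-allowed schemes,
    // and its output is already safe inside a quoted attribute.
    $src = esc_url( $atts['src'] );
    // esc_html() neutralises any tags in the caption. If limited markup is a
    // requirement, wp_kses_post() is the alternative; never echo the raw value.
    $caption = esc_html( $atts['caption'] );

    return sprintf(
        '<div class="ex-gallery" style="width:%dpx" data-src="%s">%s</div>',
        $width,
        $src,
        $caption
    );
}
add_shortcode( 'ex_gallery', 'ex_gallery_shortcode' );
```

The order matters: allow-list the attribute names, validate each value against the type it is supposed to have, then escape for the exact context it lands in (attribute, URL, or element body). Escaping alone would stop the script injection but would still let a contributor put arbitrary text into a CSS width; validating alone would miss the caption.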
Threat Entry Updated 2024-11-21

CVE-2024-3977 - WordPress Jitsi Shortcode plugin through 0.1

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN

MEDIUM CVSS 4.8 2024-06-14
Threat Entry Updated 2025-05-13

CVE-2024-3993 - AZAN Plugin through 0.6

The AZAN Plugin WordPress plugin through 0.6 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN

MEDIUM CVSS 4.6 2024-06-14
Threat Entry Updated 2025-05-15

CVE-2024-3824 - Base64 Encoder/Decoder plugin through 0.9.2

The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have a CSRF check in place when resetting its settings, which could allow attackers to make a logged-in admin reset them via a CSRF attack.

PLUGIN

MEDIUM CVSS 5.5 2024-05-15
Threat Entry Updated 2025-05-15

CVE-2024-3822 - Base64 Encoder/Decoder plugin through 0.9.2

The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting that could be used against high-privilege users such as admins.

PLUGIN

MEDIUM CVSS 4.8 2024-05-15
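Most of the remaining entries in this listing are one settings-page handler missing one or more of four controls: the stored-XSS-in-settings entries (CVE-2024-7918, -5473, -4381, -3977) lack sanitisation and output escaping; the CSRF entries (CVE-2024-7687, -6856, -6855, -6853, -6852, -5767, -4757, -4382, -3993, -3824) lack a nonce check; CVE-2024-5570 lacks a capability check; and CVE-2024-3822 echoes a request parameter unescaped. The "even when unfiltered_html is disallowed" wording is the important caveat: core's kses filtering is applied to post content and comments for users without that capability, not to option values, so a settings field that is stored as received will hold script no matter what the saving admin is allowed to post. The following is an added example of one handler with all four controls, not code from any plugin listed here. The option names, form fields, page slug and the manage_options capability are assumptions.

```php
<?php
// Added example, not code from any plugin in this listing. Option names, form
// fields, page slug and the 'manage_options' capability are assumptions.

// ---- The pattern the advisories describe (deliberately vulnerable, do not use) ----
function ex_widget_save_vulnerable() {
    // No capability check: any authenticated user, subscriber included, can call this.
    // No nonce check: a form on an attacker's page, auto-submitted by a logged-in
    // admin's browser, is accepted (CSRF).
    // No sanitisation: options are not run through kses by core, so unfiltered_html
    // being disallowed does not stop script from being stored here.
    update_option( 'ex_widget_title', $_POST['title'] );
    update_option( 'ex_widget_link', $_POST['link'] );
    // Reflected XSS: a query-string value echoed back without escaping.
    echo '<div class="notice"><p>' . $_GET['msg'] . '</p></div>';
}

// ---- Hardened version ----
function ex_widget_save_settings() {
    // 1. Authorisation: only users allowed to manage options may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'ex-widget' ), '', array( 'response' => 403 ) );
    }
    // 2. CSRF: verify the nonce that wp_nonce_field() put in the form;
    //    check_admin_referer() calls wp_die() when it is missing or invalid.
    check_admin_referer( 'ex_widget_save', 'ex_widget_nonce' );

    // 3. Sanitise before storing, independently of the saving user's capabilities.
    $title  = isset( $_POST['title'] ) ? sanitize_text_field( wp_unslash( $_POST['title'] ) ) : '';
    $link   = isset( $_POST['link'] ) ? esc_url_raw( wp_unslash( $_POST['link'] ), array( 'http', 'https' ) ) : '';
    $layout = isset( $_POST['layout'] ) ? sanitize_key( wp_unslash( $_POST['layout'] ) ) : 'list';
    if ( ! in_array( $layout, array( 'list', 'grid' ), true ) ) {
        $layout = 'list'; // enumerated setting: accept only known values
    }
    update_option( 'ex_widget_title', $title );
    update_option( 'ex_widget_link', $link );
    update_option( 'ex_widget_layout', $layout );

    // 4. Redirect with a fixed flag; never carry user-controlled text in the URL.
    wp_safe_redirect( add_query_arg( 'ex_widget_saved', '1', admin_url( 'options-general.php?page=ex-widget' ) ) );
    exit;
}
add_action( 'admin_post_ex_widget_save', 'ex_widget_save_settings' );

function ex_widget_settings_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    // Reflected input: only the presence of the flag is trusted, its value is never
    // echoed. Anything from $_GET that must be displayed goes through esc_html() first.
    if ( isset( $_GET['ex_widget_saved'] ) ) {
        echo '<div class="notice notice-success"><p>' . esc_html__( 'Settings saved.', 'ex-widget' ) . '</p></div>';
    }
    $title  = get_option( 'ex_widget_title', '' );
    $link   = get_option( 'ex_widget_link', '' );
    $layout = get_option( 'ex_widget_layout', 'list' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="ex_widget_save">
        <?php wp_nonce_field( 'ex_widget_save', 'ex_widget_nonce' ); ?>
        <?php // 5. Escape stored values on output: esc_attr() in attributes, esc_url() for URLs. ?>
        <input type="text" name="title" value="<?php echo esc_attr( $title ); ?>">
        <input type="url" name="link" value="<?php echo esc_url( $link ); ?>">
        <select name="layout">
            <?php foreach ( array( 'list', 'grid' ) as $opt ) : ?>
                <option value="<?php echo esc_attr( $opt ); ?>"<?php selected( $layout, $opt ); ?>><?php echo esc_html( $opt ); ?></option>
            <?php endforeach; ?>
        </select>
        <?php submit_button(); ?>
    </form>
    <?php
}
add_action( 'admin_menu', function () {
    add_options_page( 'Example Widget', 'Example Widget', 'manage_options', 'ex-widget', 'ex_widget_settings_page' );
} );
```

The capability check and the nonce check answer different questions and neither replaces the other: current_user_can() asks whether this account may change settings at all (the CVE-2024-5570 case), while the nonce asks whether this particular request was made from the plugin's own form rather than forged from another site (the CSRF entries). A CSRF attack is carried out with the victim admin's full privileges, so a capability check alone does nothing against it. Sanitising on input and escaping on output are likewise both needed: the first bounds what can be stored, the second protects every place the value is later rendered, including pages written by other plugins that read the same option.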