
"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 116
Critical: 2
High: 25
Medium: 84
Showing 61-80 of 116 records
Threat Entry Updated 2025-05-15

CVE-2024-3823 - Through 0 Plugin

The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Through 0

CVE-2024-3823

LOW CVSS 2.4 2024-05-15
Threat Entry Updated 2025-05-05

CVE-2024-3940 - Through 0 Plugin

The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN Through 0

CVE-2024-3940

HIGH CVSS 8.8 2024-05-14
Threat Entry Updated 2025-05-05

CVE-2024-3941 - Through 0 Plugin

The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Through 0

CVE-2024-3941

MEDIUM CVSS 4.7 2024-05-14
Threat Entry Updated 2025-06-10

CVE-2024-3076 - Through 0 Plugin

The MM-email2image WordPress plugin through 0.2.5 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Through 0

CVE-2024-3076

LOW CVSS 3.8 2024-04-26
Threat Entry Updated 2025-06-10

CVE-2024-3075 - Through 0 Plugin

The MM-email2image WordPress plugin through 0.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 0

CVE-2024-3075

HIGH CVSS 8.1 2024-04-26
Threat Entry Updated 2024-11-21

CVE-2023-6501 - Through 0 Plugin

The Splashscreen WordPress plugin through 0.20 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN Through 0

CVE-2023-6501

MEDIUM CVSS 4.3 2024-02-12
Threat Entry Updated 2025-05-29

CVE-2023-6391 - Through 0 Plugin

The Custom User CSS WordPress plugin through 0.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN Through 0

CVE-2023-6391

HIGH CVSS 8.8 2024-01-29
Threat Entry Updated 2025-05-29

CVE-2023-6530 - Through 0 Plugin

The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 0

CVE-2023-6530

MEDIUM CVSS 5.4 2024-01-29
Threat Entry Updated 2025-06-02

CVE-2021-24433 - Through 0 Plugin

The simple sort&search WordPress plugin through 0.0.3 does not make sure that the indexurl parameter of the shortcodes "category_sims", "order_sims", "orderby_sims", "period_sims", and "tag_sims" uses allowed URL protocols, which can lead to stored cross-site scripting by users with a role as low as Contributor.

PLUGIN Through 0

CVE-2021-24433

MEDIUM CVSS 5.4 2024-01-16
Threat Entry Updated 2025-05-16

CVE-2023-6845 - Through 0 Plugin

The CommentTweets WordPress plugin through 0.6 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks.

PLUGIN Through 0

CVE-2023-6845

HIGH CVSS 8.8 2024-01-08
Threat Entry Updated 2024-11-21

CVE-2023-2272 - Through 0 Plugin

The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and escape the page parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admin.

PLUGIN Through 0

CVE-2023-2272

MEDIUM CVSS 6.1 2023-08-16
Threat Entry Updated 2024-11-21

CVE-2023-2271 - Through 0 Plugin

The Tiempo.com WordPress plugin through 0.1.2 does not have a CSRF check when deleting its shortcode, which could allow attackers to make logged-in admins delete arbitrary shortcodes via a CSRF attack.

PLUGIN Through 0

CVE-2023-2271

MEDIUM CVSS 4.3 2023-08-16
Threat Entry Updated 2024-11-21

CVE-2023-0058 - Through 0 Plugin

The Tiempo.com WordPress plugin through 0.1.2 does not have a CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Through 0

CVE-2023-0058

MEDIUM CVSS 6.1 2023-08-16
Threat Entry Updated 2025-02-04

CVE-2023-1129 - Through 0 Plugin

The WP FEvents Book WordPress plugin through 0.46 does not ensure that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel bookings on behalf of other users.

PLUGIN Through 0

CVE-2023-1129

MEDIUM CVSS 6.5 2023-04-24
Threat Entry Updated 2025-02-04

CVE-2023-1126 - Through 0 Plugin

The WP FEvents Book WordPress plugin through 0.46 does not sanitise and escape some parameters, which could allow any authenticated user, such as a subscriber, to perform Cross-Site Scripting attacks.

PLUGIN Through 0

CVE-2023-1126

MEDIUM CVSS 5.4 2023-04-24
Threat Entry Updated 2025-02-04

CVE-2023-0388 - Through 0 Plugin

The Random Text WordPress plugin through 0.3.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers.

PLUGIN Through 0

CVE-2023-0388

HIGH CVSS 8.8 2023-04-24
Threat Entry Updated 2025-02-14

CVE-2023-1377 - Through 0 Plugin

The Solidres WordPress plugin through 0.9.4 does not sanitise and escape numerous parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admin.

PLUGIN Through 0

CVE-2023-1377

MEDIUM CVSS 6.1 2023-04-03
Threat Entry Updated 2025-03-06

CVE-2023-0212 - Through 0 Plugin

The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 0

CVE-2023-0212

MEDIUM CVSS 5.4 2023-03-06
Threat Entry Updated 2025-03-21

CVE-2023-0075 - Through 0 Plugin

The Amazon JS WordPress plugin through 0.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 0

CVE-2023-0075

MEDIUM CVSS 5.4 2023-02-13
Threat Entry Updated 2025-04-14

CVE-2021-24942 - Through 0 Plugin

The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment.

PLUGIN Through 0

CVE-2021-24942

HIGH CVSS 7.2 2022-12-26