
Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total 116 (Critical 2, High 25, Medium 84). Showing 101-116 of 116 records.
Threat Entry Updated 2024-11-21

CVE-2021-25006 - MOLIE Plugin (through 0.5)

The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue.

MEDIUM CVSS 6.1 2022-03-14
Threat Entry Updated 2024-11-21

CVE-2022-0385 - Crazy Bone Plugin (through 0.6.0)

The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and escape the username submitted via the login form when displaying it back in the log dashboard, leading to an unauthenticated Stored Cross-Site Scripting issue.

MEDIUM CVSS 6.1 2022-02-28
Threat Entry Updated 2024-11-21

CVE-2021-24898 - EditableTable Plugin (through 0.1.4)

The EditableTable WordPress plugin through 0.1.4 does not sanitise and escape any of the Table and Column fields, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

MEDIUM CVSS 4.8 2022-02-28
Threat Entry Updated 2024-11-21

CVE-2021-24859 - User Meta Shortcodes Plugin (through 0.5)

The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users' metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data exfiltration, including password hashes.

MEDIUM CVSS 4.3 2021-12-13
Threat Entry Updated 2024-11-21

CVE-2021-24788 - Batch Cat Plugin (through 0.3)

The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actions, all of which require authentication but are available to all roles. As a result, any authenticated user (including simple subscribers) can add/set/delete arbitrary categories on posts.

MEDIUM CVSS 6.5 2021-11-08
Threat Entry Updated 2024-11-21

CVE-2021-24630 - Schreikasten Plugin (through 0.14.18)

The Schreikasten WordPress plugin through 0.14.18 does not sanitise or escape the id GET parameter before using it in SQL statements in the comments dashboard for various actions, leading to authenticated SQL Injections which can be exploited by users with a role as low as author.

HIGH CVSS 8.8 2021-11-08
Threat Entry Updated 2024-11-21

CVE-2021-24674 - Genie WP Favicon Plugin (through 0.5.2)

The Genie WP Favicon WordPress plugin through 0.5.2 does not have CSRF protection in place when updating the favicon, which could allow attackers to make a logged-in admin change it via a CSRF attack.

MEDIUM CVSS 6.5 2021-11-08
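Three of the entries above are authorisation failures rather than injection bugs: a shortcode that reads any user's metadata (User Meta Shortcodes), AJAX actions that check only "is logged in" (Batch Cat), and a settings handler with no CSRF token (Genie WP Favicon). The following is an added example written for this page, not the code of any of those plugins; the shortcode name, AJAX action, option names and nonce actions are hypothetical. Each vulnerable pattern is shown next to the form a WordPress plugin should use.

```php
<?php
/**
 * Added illustration for this page, not code from any plugin listed here.
 * Hypothetical names throughout: the shortcode, AJAX action, option and
 * nonce actions are invented for the example.
 */

// 1. Shortcode exposing user metadata (cf. User Meta Shortcodes entry).
//    Vulnerable: any role that can insert shortcodes (contributor and up) names
//    an arbitrary login and any meta key, including internal ones.
function vuln_user_meta_shortcode( $atts ) {
    $atts = shortcode_atts( array( 'user' => '', 'key' => '' ), $atts );
    $user = get_user_by( 'login', $atts['user'] );
    return $user ? get_user_meta( $user->ID, $atts['key'], true ) : '';
}

//    Hardened: allow-listed keys, own account only unless the caller may edit
//    users, and the value escaped for HTML output.
function safe_user_meta_shortcode( $atts ) {
    $allowed_keys = array( 'description', 'nickname', 'first_name', 'last_name' );
    $atts = shortcode_atts( array( 'user' => '', 'key' => '' ), $atts );
    if ( ! in_array( $atts['key'], $allowed_keys, true ) ) {
        return '';
    }
    $user = ( '' !== $atts['user'] ) ? get_user_by( 'login', $atts['user'] ) : wp_get_current_user();
    if ( ! $user || ! $user->exists() ) {
        return '';
    }
    if ( get_current_user_id() !== (int) $user->ID && ! current_user_can( 'edit_users' ) ) {
        return '';
    }
    return esc_html( get_user_meta( $user->ID, $atts['key'], true ) );
}
add_shortcode( 'example_user_meta', 'safe_user_meta_shortcode' );

// 2. Authenticated AJAX action (cf. Batch Cat entry). wp_ajax_* hooks fire for
//    every logged-in user, so being authenticated is not an authorisation check.
function vuln_set_post_category() {
    wp_set_post_categories( (int) $_POST['post_id'], array( (int) $_POST['cat_id'] ) );
    wp_send_json_success();
}

function safe_set_post_category() {
    // CSRF: the request must carry a nonce issued to this user for this action.
    check_ajax_referer( 'example_set_category', 'nonce' );
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $cat_id  = isset( $_POST['cat_id'] ) ? absint( $_POST['cat_id'] ) : 0;
    // Authorisation: the caller must be allowed to edit this particular post.
    if ( ! $post_id || ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    if ( ! $cat_id || ! term_exists( $cat_id, 'category' ) ) {
        wp_send_json_error( 'bad category', 400 );
    }
    wp_set_post_categories( $post_id, array( $cat_id ) );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_set_category', 'safe_set_post_category' );
// Deliberately no wp_ajax_nopriv_ hook: unauthenticated callers get nothing.

// 3. Admin settings form (cf. Genie WP Favicon entry): emit a nonce with the
//    form and verify it before writing the option.
function safe_render_favicon_form() {
    echo '<form method="post">';
    wp_nonce_field( 'example_save_favicon', 'example_nonce' );
    echo '<input type="text" name="favicon_id" value="' . esc_attr( get_option( 'example_favicon_id', '' ) ) . '">';
    submit_button( 'Save' );
    echo '</form>';
}

function safe_handle_favicon_form() {
    if ( ! isset( $_POST['favicon_id'] ) ) {
        return;
    }
    check_admin_referer( 'example_save_favicon', 'example_nonce' ); // dies on a missing or bad nonce
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    update_option( 'example_favicon_id', absint( $_POST['favicon_id'] ) );
}
add_action( 'admin_init', 'safe_handle_favicon_form' );
```

The nonce and the capability check do different jobs and both are needed: the nonce proves the request originated from a page WordPress served to this user (defeating CSRF), while current_user_can() decides whether this user may perform the action at all (defeating the subscriber-calls-admin-AJAX case).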
Threat Entry Updated 2024-11-21

CVE-2021-24605 - Custom Post View Generator Plugin (through 0.4.6)

The create_post_page AJAX action of the Custom Post View Generator WordPress plugin through 0.4.6 (available to authenticated users) does not sanitise or escape user input before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue.

MEDIUM CVSS 5.4 2021-09-13
Threat Entry Updated 2024-11-21

CVE-2021-24393 - Comment Highlighter Plugin (through 0.13)

The c GET parameter of the Comment Highlighter WordPress plugin through 0.13 is not properly sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection.

HIGH CVSS 7.2 2021-09-06
Threat Entry Updated 2024-11-21

CVE-2021-24551 - Edit Comments Plugin (through 0.3)

The Edit Comments WordPress plugin through 0.3 does not sanitise, validate or escape the jal_edit_comments GET parameter before using it in a SQL statement, leading to a SQL injection issue.

CRITICAL CVSS 9.8 2021-08-23
Threat Entry Updated 2024-11-21

CVE-2021-24550 - Broken Link Manager Plugin (through 0.6.5)

The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise, validate or escape the url GET parameter before using it in a SQL statement when retrieving a URL to edit, leading to an authenticated SQL injection issue.

HIGH CVSS 7.2 2021-08-23
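The four SQL injection entries above (Schreikasten, Comment Highlighter, Edit Comments, Broken Link Manager) describe the same defect: a GET parameter concatenated straight into a query. The block below is an added example written for this page, not code from any of those plugins; the example_links table, the function names and the parameter handling are hypothetical. It puts the concatenation pattern next to the $wpdb->prepare() form, covering the numeric, string and LIKE cases.

```php
<?php
/**
 * Added illustration for this page, not code from any plugin listed here.
 * The table name example_links and the function names are invented.
 */

// Vulnerable: the GET parameter is concatenated into the query text. With
// ?id=1 OR 1=1 every row comes back; with ?url=' UNION SELECT ... other tables
// (wp_users included) can be read.
function vuln_get_link() {
    global $wpdb;
    $url = $_GET['url'];
    return $wpdb->get_row( "SELECT * FROM {$wpdb->prefix}example_links WHERE url = '$url'" );
}

function vuln_get_comment() {
    global $wpdb;
    $id = $_GET['id'];
    return $wpdb->get_row( "SELECT * FROM {$wpdb->comments} WHERE comment_ID = $id" );
}

// Hardened: cast what must be numeric, and pass everything else through
// $wpdb->prepare(), which quotes and escapes per placeholder type (%d, %s, %f).
function safe_get_comment() {
    global $wpdb;
    $id = isset( $_GET['id'] ) ? absint( $_GET['id'] ) : 0; // non-numeric input becomes 0
    if ( ! $id ) {
        return null;
    }
    return $wpdb->get_row(
        $wpdb->prepare( "SELECT * FROM {$wpdb->comments} WHERE comment_ID = %d", $id )
    );
}

function safe_get_link() {
    global $wpdb;
    // wp_unslash() undoes WordPress's added slashes; esc_url_raw() rejects
    // anything that is not a URL before it reaches the database at all.
    $url = isset( $_GET['url'] ) ? esc_url_raw( wp_unslash( $_GET['url'] ) ) : '';
    if ( '' === $url ) {
        return null;
    }
    return $wpdb->get_row(
        $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}example_links WHERE url = %s", $url )
    );
}

// LIKE clauses need the wildcard characters escaped separately: prepare() only
// quotes the value, it does not neutralise % and _ inside it.
function safe_search_links( $needle ) {
    global $wpdb;
    $like = '%' . $wpdb->esc_like( $needle ) . '%';
    return $wpdb->get_results(
        $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}example_links WHERE url LIKE %s", $like )
    );
}

// Identifiers (column names, ORDER BY direction) cannot be bound as placeholders;
// they must be checked against an allow-list instead.
function safe_list_links( $orderby ) {
    global $wpdb;
    $allowed = array( 'id', 'url', 'status' );
    $orderby = in_array( $orderby, $allowed, true ) ? $orderby : 'id';
    return $wpdb->get_results( "SELECT * FROM {$wpdb->prefix}example_links ORDER BY $orderby" );
}
```

The escaping that prevents injection happens inside prepare(); absint() and esc_url_raw() are input validation on top of it. Note that the two HIGH entries are authenticated and the Edit Comments entry is rated CRITICAL, so the missing capability check on the endpoint is a second defect that prepare() does not address.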
Threat Entry Updated 2024-11-21

CVE-2021-24548 - Mimetic Books Plugin (through 0.2.13)

The Mimetic Books WordPress plugin through 0.2.13 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) in the "Default Publisher ID" field on the plugin's settings page.

MEDIUM CVSS 5.4 2021-08-16
Threat Entry Updated 2024-11-21

CVE-2021-24534 - PhoneTrack Meu Site Manager Plugin (through 0.1)

The PhoneTrack Meu Site Manager WordPress plugin through 0.1 does not sanitise or escape its "php_id" setting before outputting it back in an attribute in the page, leading to a stored Cross-Site Scripting issue.

MEDIUM CVSS 5.4 2021-08-16
Threat Entry Updated 2024-11-21

CVE-2021-24479 - DrawBlog Plugin (through 0.90)

The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue.

MEDIUM CVSS 4.8 2021-08-02
Threat Entry Updated 2024-11-21

CVE-2021-24350 - Visitors Plugin (through 0.3)

The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability: the plugin displays the visitor's User-Agent string within the WordPress admin panel without validation or encoding.

MEDIUM CVSS 6.1 2021-06-14
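Eight entries on this page (MOLIE, Crazy Bone, EditableTable, Custom Post View Generator, Mimetic Books, PhoneTrack Meu Site Manager, DrawBlog, Visitors) are the same bug with different sources: text an attacker controls is echoed into an admin page without escaping. The block below is an added example written for this page and is not any of those plugins' code; the option names and functions are hypothetical. It takes the Visitors case (a User-Agent header stored and later shown in the dashboard) and shows escaping for each output context, then a settings field, which is the EditableTable and Mimetic Books shape.

```php
<?php
/**
 * Added illustration for this page, not code from any plugin listed here.
 * The option names example_visitor_log / example_publisher_id and the
 * function names are invented.
 */

// --- Vulnerable pattern: the raw header is stored and echoed into the dashboard.
function vuln_log_visit() {
    $ua    = isset( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $log   = get_option( 'example_visitor_log', array() );
    $log[] = array( 'ua' => $ua, 'time' => time() ); // nothing sanitised
    update_option( 'example_visitor_log', $log );
}

function vuln_render_log() {
    foreach ( get_option( 'example_visitor_log', array() ) as $row ) {
        // Any unauthenticated visitor who sends a crafted User-Agent gets script
        // run in the browser of whichever admin opens this page.
        echo '<tr><td>' . $row['ua'] . '</td></tr>';
    }
}

// --- Hardened pattern: sanitise on the way in, escape for the exact output context.
function safe_log_visit() {
    $ua = isset( $_SERVER['HTTP_USER_AGENT'] ) ? wp_unslash( $_SERVER['HTTP_USER_AGENT'] ) : '';
    $ua = sanitize_text_field( $ua );  // strips tags and control characters, trims
    $ua = substr( $ua, 0, 512 );       // bound what gets stored as well
    $log   = get_option( 'example_visitor_log', array() );
    $log[] = array( 'ua' => $ua, 'time' => time() );
    update_option( 'example_visitor_log', $log );
}

function safe_render_log() {
    foreach ( get_option( 'example_visitor_log', array() ) as $row ) {
        // Escaping at output time is what actually prevents XSS; the input
        // sanitisation is defence in depth, since stored rows may predate the fix.
        echo '<tr>';
        echo '<td>' . esc_html( $row['ua'] ) . '</td>';                               // element text
        echo '<td><input type="text" value="' . esc_attr( $row['ua'] ) . '"></td>';    // attribute value
        echo '<td><a href="' . esc_url( admin_url( 'admin.php?page=example&ua=' . rawurlencode( $row['ua'] ) ) ) . '">filter</a></td>'; // URL
        echo '</tr>';
    }
}

// --- Settings fields saved by administrators need the same treatment.
// unfiltered_html only governs whether WordPress runs its KSES filter on content
// such as posts; a plugin that echoes its own option unescaped is exploitable
// even on sites where that capability has been removed, which is what the
// EditableTable entry above describes.
function safe_register_settings() {
    register_setting(
        'example_settings_group',
        'example_publisher_id',
        array(
            'type'              => 'string',
            'sanitize_callback' => 'sanitize_text_field',
        )
    );
}
add_action( 'admin_init', 'safe_register_settings' );

function safe_render_settings_field() {
    $value = get_option( 'example_publisher_id', '' );
    echo '<input type="text" name="example_publisher_id" value="' . esc_attr( $value ) . '">';
}
```

The PhoneTrack entry is the attribute case: a value that is safe as element text is not safe inside a quoted attribute without esc_attr(), and a value destined for an href or src additionally needs esc_url() so that javascript: URLs are rejected.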
Threat Entry Updated 2024-11-21

CVE-2021-24254 - College publisher Import Plugin (through 0.1)

The College publisher Import WordPress plugin through 0.1 does not validate the uploaded CSV file to import, allowing high-privilege users to upload arbitrary files, such as PHP, leading to RCE. Due to the lack of a CSRF check, the issue could also be exploited via a CSRF attack.

HIGH CVSS 7.2 2021-05-06
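The College publisher Import entry combines two defects: the upload is not validated, and the handler has no CSRF token, so an attacker does not even need the admin's credentials, only the admin's browser. The block below is an added example written for this page, not the plugin's code; the admin_post action, nonce action and function names are hypothetical. It contrasts the move-it-into-uploads pattern with a handler that verifies the nonce and capability, validates the file type from its contents, and parses the CSV from the temporary location without ever placing the file in the web root.

```php
<?php
/**
 * Added illustration for this page, not code from the plugin listed above.
 * The admin_post action, nonce action and function names are invented.
 */

// Vulnerable pattern: whatever arrived is moved into a web-reachable directory
// under the client-supplied name. A "CSV importer" that accepts shell.php is
// remote code execution, and without a nonce a CSRF page can make a logged-in
// admin perform the upload.
function vuln_handle_import() {
    move_uploaded_file(
        $_FILES['csv']['tmp_name'],
        WP_CONTENT_DIR . '/uploads/' . $_FILES['csv']['name']
    );
}

// Hardened pattern. Returns the parsed rows (or null when nothing was uploaded).
function safe_handle_import() {
    if ( ! isset( $_FILES['csv'] ) ) {
        return null;
    }
    check_admin_referer( 'example_import_csv', 'example_nonce' ); // CSRF: dies on a bad nonce
    if ( ! current_user_can( 'import' ) ) {                        // authorisation
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }

    $file = $_FILES['csv'];
    if ( UPLOAD_ERR_OK !== $file['error'] || ! is_uploaded_file( $file['tmp_name'] ) ) {
        wp_die( 'Upload failed' );
    }

    // Decide the type from the file's bytes and name, never from the MIME type
    // the client claims. Only the csv extension is offered to the check, so a
    // .php or .phtml upload comes back with ext === false.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], array( 'csv' => 'text/csv' ) );
    if ( 'csv' !== $check['ext'] ) {
        wp_die( 'Only .csv files may be imported' );
    }

    // Parse in place from PHP's temporary directory, which is outside the
    // document root, then discard the file. Nothing attacker-named is ever written
    // somewhere the web server would execute it.
    $rows = array();
    $fh   = fopen( $file['tmp_name'], 'r' );
    if ( $fh ) {
        while ( ( $row = fgetcsv( $fh ) ) !== false ) {
            $rows[] = array_map( 'sanitize_text_field', $row );
        }
        fclose( $fh );
    }
    unlink( $file['tmp_name'] );
    return $rows;
}
add_action( 'admin_post_example_import_csv', 'safe_handle_import' );
```

The form that posts to this handler would carry wp_nonce_field( 'example_import_csv', 'example_nonce' ) and a hidden action=example_import_csv field. If the importer genuinely must keep the file, write it under a random name with a fixed .csv extension into a directory that has PHP execution disabled, not under the name the browser supplied.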