Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-05-15
CVE-2024-6024 - Through 1 Plugin
The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when deleting groups or emails, which could allow attackers to make a logged in admin remove them via a CSRF attack
PLUGIN
Through 1
CVE-2024-6024
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-6023 - Through 1 Plugin
The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when adding emails, which could allow attackers to make a logged in admin perform such action via a CSRF attack
PLUGIN
Through 1
CVE-2024-6023
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-6022 - Through 1 Plugin
The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Through 1
CVE-2024-6022
Risk Score
Threat Entry
Updated 2025-03-13
CVE-2024-5802 - Through 1 Plugin
The URL Shortener by Myhop WordPress plugin through 1.0.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
PLUGIN
Through 1
CVE-2024-5802
Risk Score
Threat Entry
Updated 2025-05-19
CVE-2024-5730 - Through 1 Plugin
The Pagerank tools WordPress plugin through 1.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Through 1
CVE-2024-5730
Risk Score
Threat Entry
Updated 2025-05-19
CVE-2024-5729 - Through 1 Plugin
The Simple AL Slider WordPress plugin through 1.2.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Through 1
CVE-2024-5729
Risk Score
Threat Entry
Updated 2025-05-19
CVE-2024-5728 - Through 1 Plugin
The Animated AL List WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Through 1
CVE-2024-5728
Risk Score
Threat Entry
Updated 2025-05-19
CVE-2024-5727 - Through 1 Plugin
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Through 1
CVE-2024-5727
Risk Score
Threat Entry
Updated 2025-05-19
CVE-2024-5071 - Through 1 Plugin
The Bookster WordPress plugin through 1.1.0 allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment (the request body) to change its status from pending to approved.
PLUGIN
Through 1
CVE-2024-5071
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-5199 - Through 1 Plugin
The Spotify Play Button WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
PLUGIN
Through 1
CVE-2024-5199
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-5169 - Through 1 Plugin
The Video Widget WordPress plugin through 1.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Through 1
CVE-2024-5169
Risk Score
Threat Entry
Updated 2025-05-19
CVE-2024-3633 - Through 1 Plugin
The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
PLUGIN
Through 1
CVE-2024-3633
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-5448 - Through 1 Plugin
The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
PLUGIN
Through 1
CVE-2024-5448
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-4477 - Through 1 Plugin
The WP Logs Book WordPress plugin through 1.0.1 does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting
PLUGIN
Through 1
CVE-2024-4477
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-5447 - Through 1 Plugin
The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Through 1
CVE-2024-5447
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-4755 - Through 1 Plugin
The Google CSE WordPress plugin through 1.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Through 1
CVE-2024-4755
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-4384 - Through 1 Plugin
The CSSable Countdown WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Through 1
CVE-2024-4384
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-4475 - Through 1 Plugin
The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs them via a CSRF attack
PLUGIN
Through 1
CVE-2024-4475
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-4474 - Through 1 Plugin
The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Through 1
CVE-2024-4474
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-4377 - Through 1 Plugin
The DOP Shortcodes WordPress plugin through 1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
PLUGIN
Through 1
CVE-2024-4377
Risk Score