Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-05-21
CVE-2024-3917 - Through 1 Plugin
The Pet Manager WordPress plugin through 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Through 1
CVE-2024-3917
Risk Score
Threat Entry
Updated 2025-05-21
CVE-2024-4290 - Through 1 Plugin
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Through 1
CVE-2024-4290
Risk Score
Threat Entry
Updated 2025-05-21
CVE-2024-4289 - Through 1 Plugin
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Through 1
CVE-2024-4289
Risk Score
Threat Entry
Updated 2025-05-30
CVE-2024-3580 - Through 1 Plugin
The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Through 1
CVE-2024-3580
Risk Score
Threat Entry
Updated 2025-05-30
CVE-2024-3231 - Through 1 Plugin
The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.
PLUGIN
Through 1
CVE-2024-3231
Risk Score
Threat Entry
Updated 2026-01-09
CVE-2024-3643 - Through 1 Plugin
The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack
PLUGIN
Through 1
CVE-2024-3643
Risk Score
Threat Entry
Updated 2025-05-19
CVE-2024-3644 - Through 1 Plugin
The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Through 1
CVE-2024-3644
Risk Score
Threat Entry
Updated 2025-05-19
CVE-2024-3642 - Through 1 Plugin
The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack
PLUGIN
Through 1
CVE-2024-3642
Risk Score
Threat Entry
Updated 2025-05-19
CVE-2024-3641 - Through 1 Plugin
The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins
PLUGIN
Through 1
CVE-2024-3641
Risk Score
Threat Entry
Updated 2025-05-14
CVE-2024-3903 - Through 1 Plugin
The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as author and above add Stored XSS payloads via a CSRF attack
PLUGIN
Through 1
CVE-2024-3903
Risk Score
Threat Entry
Updated 2025-05-14
CVE-2024-3590 - Through 1 Plugin
The LetterPress WordPress plugin through 1.2.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete arbitrary subscribers
PLUGIN
Through 1
CVE-2024-3590
Risk Score
Threat Entry
Updated 2025-05-09
CVE-2024-3628 - Through 1 Plugin
The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
PLUGIN
Through 1
CVE-2024-3628
Risk Score
Threat Entry
Updated 2025-04-18
CVE-2024-3756 - Through 1 Plugin
The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack
PLUGIN
Through 1
CVE-2024-3756
Risk Score
Threat Entry
Updated 2025-04-18
CVE-2024-3755 - Through 1 Plugin
The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Through 1
CVE-2024-3755
Risk Score
Threat Entry
Updated 2025-05-08
CVE-2024-3752 - Through 1 Plugin
The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Through 1
CVE-2024-3752
Risk Score
Threat Entry
Updated 2025-05-08
CVE-2024-3637 - Through 1 Plugin
The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Through 1
CVE-2024-3637
Risk Score
Threat Entry
Updated 2025-05-07
CVE-2024-3059 - Through 1 Plugin
The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack
PLUGIN
Through 1
CVE-2024-3059
Risk Score
Threat Entry
Updated 2025-05-14
CVE-2024-3048 - Through 1 Plugin
The Bannerlid WordPress plugin through 1.1.0 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators
PLUGIN
Through 1
CVE-2024-3048
Risk Score
Threat Entry
Updated 2025-05-07
CVE-2024-3058 - Through 1 Plugin
The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
PLUGIN
Through 1
CVE-2024-3058
Risk Score
Threat Entry
Updated 2025-05-07
CVE-2024-3060 - Through 1 Plugin
The ENL Newsletter WordPress plugin through 1.0.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin+ to perform SQL injection attacks
PLUGIN
Through 1
CVE-2024-3060
Risk Score