Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total 563 | Critical 20 | High 112 | Medium 421
Showing 241-260 of 563 records
CVE-2024-3265 - Advanced Search plugin (through 1.1.6)
Threat entry updated 2025-05-08

The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL injection attacks in the context of a multisite WordPress configuration (where a site administrator is not a super admin, yet all sites share one database and one database user).

MEDIUM (CVSS 4.7) - 2024-04-25
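As an added example (not the Advanced Search plugin's code), the pattern behind this class of bug: a search query built by concatenating caller-supplied values, beside the same query parameterised with `$wpdb->prepare()`. The function names and the post-type allowlist are hypothetical; WordPress is assumed to be loaded so `$wpdb` exists.

```php
<?php
// Added example, not the Advanced Search plugin's code. Assumes WordPress is loaded, so
// $wpdb is available; the function names and the post-type allowlist are hypothetical.

// VULNERABLE: request values are concatenated into the SQL string without escaping. The
// administrator-only reach does not make this safe on multisite: a site admin is not a
// super admin, yet all sites share one database user and one schema, so an injection
// from one site reaches every other site's tables.
function demo_search_vulnerable( string $term, string $post_type ) {
    global $wpdb;
    $sql = "SELECT ID, post_title FROM {$wpdb->posts}"
         . " WHERE post_status = 'publish'"
         . " AND post_type = '" . $post_type . "'"   // post' OR 1=1 -- breaks out here
         . " AND post_title LIKE '%" . $term . "%'"
         . " LIMIT 20";
    return $wpdb->get_results( $sql );
}

// HARDENED: values go through $wpdb->prepare(), which quotes and escapes each placeholder.
// Placeholders only work for values, so the one structural input (post type) is pinned
// to an allowlist instead; $wpdb->esc_like() keeps '%' and '_' in the term literal.
function demo_search_hardened( string $term, string $post_type ) {
    global $wpdb;
    $allowed_types = array( 'post', 'page' );   // hypothetical allowlist
    if ( ! in_array( $post_type, $allowed_types, true ) ) {
        $post_type = 'post';
    }
    $like = '%' . $wpdb->esc_like( $term ) . '%';
    $sql  = $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts}
         WHERE post_status = 'publish' AND post_type = %s AND post_title LIKE %s
         LIMIT %d",
        $post_type,
        $like,
        20
    );
    return $wpdb->get_results( $sql );
}

// Constructed hostile input, as a sanity check (run from a mu-plugin or `wp shell`):
// demo_search_vulnerable( 'x', "post' OR 1=1 -- " ) executes a query whose WHERE clause
// ends in   post_type = 'post' OR 1=1 -- ' AND post_title LIKE '%x%' LIMIT 20
// demo_search_hardened( 'x', "post' OR 1=1 -- " ) falls back to post_type = 'post'.
```

When reviewing a plugin for this bug, grep for `$wpdb->query`, `get_results`, `get_var` and `get_row` calls whose argument is a double-quoted string with interpolated variables and no `prepare()` around it; on multisite, treat "admin only" as a weak mitigation, since site admins are routinely granted to untrusted tenants.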
CVE-2024-2739 - Advanced Search plugin (through 1.1.6)
Threat entry updated 2025-05-08

The Advanced Search WordPress plugin through 1.1.6 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks.

HIGH (CVSS 8.7) - 2024-04-15
CVE-2024-2857 - Simple Buttons Creator plugin (through 1.04)
Threat entry updated 2025-05-08

The Simple Buttons Creator WordPress plugin through 1.04 performs neither an authorisation check nor a CSRF check in its add-button function, allowing unauthenticated users to call it directly, or to make logged-in users call it via CSRF. Because the submitted values are neither sanitised nor escaped, the same function can also be used to plant a Stored Cross-Site Scripting payload that fires against logged-in admins.

MEDIUM (CVSS 6.1) - 2024-04-15
CVE-2024-2858 - Simple Buttons Creator plugin (through 1.04)
Threat entry updated 2025-05-08

The Simple Buttons Creator WordPress plugin through 1.04 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks.

MEDIUM (CVSS 4.8) - 2024-04-15
CVE-2023-6067 - WP User Profile Avatar plugin (through 1.0.1)
Threat entry updated 2025-05-09

The WP User Profile Avatar WordPress plugin through 1.0.1 does not validate and escape some of its shortcode attributes before outputting them back in the page or post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

MEDIUM (CVSS 5.4) - 2024-04-15
CVE-2024-1588 - SendPress Newsletters plugin (through 1.23.11.6)
Threat entry updated 2025-03-28

The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

MEDIUM (CVSS 6.8) - 2024-04-08
CVE-2024-1752 - Font Farsi plugin (through 1.6.6)
Threat entry updated 2025-05-28

The Font Farsi WordPress plugin through 1.6.6 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

MEDIUM (CVSS 6.1) - 2024-04-08
CVE-2024-1589 - SendPress Newsletters plugin (through 1.23.11.6)
Threat entry updated 2025-03-24

The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

MEDIUM (CVSS 6.1) - 2024-04-08
CVE-2023-7232 - Backup and Restore WordPress plugin (through 1.45)
Threat entry updated 2025-05-07

The Backup and Restore WordPress plugin through 1.45 does not protect some of its log files, which contain sensitive information such as the site configuration, allowing unauthenticated users to access that data.

MEDIUM (CVSS 5.3) - 2024-03-26
CVE-2024-0337 - Travelpayouts: All Travel Brands in One Place plugin (through 1.1.15)
Threat entry updated 2025-05-05

The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation of the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

MEDIUM (CVSS 6.1) - 2024-03-20
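An added example (not the Travelpayouts plugin's code) of the open-redirect pattern and its fix. Only the request parameter name `travelpayouts_redirect` comes from the advisory; the hook, the handler functions and the partner domain are assumed for illustration.

```php
<?php
// Added example, not the Travelpayouts plugin's code. The parameter name
// `travelpayouts_redirect` is taken from the advisory; everything else is hypothetical.

// VULNERABLE: whatever the request supplies becomes the Location header, so
// /?travelpayouts_redirect=https://evil.example/ sends the visitor off-site under
// the trusted site's URL.
function demo_redirect_vulnerable() {
    if ( empty( $_GET['travelpayouts_redirect'] ) ) {
        return;
    }
    wp_redirect( $_GET['travelpayouts_redirect'] );   // no host validation at all
    exit;
}

// HARDENED: wp_safe_redirect() runs the target through wp_validate_redirect(), which
// accepts only URLs on this site's host or on hosts returned by the
// 'allowed_redirect_hosts' filter, rejects non-http(s) schemes, and otherwise falls
// back to the admin URL. Scheme-relative targets such as //evil.example are rejected too.
function demo_redirect_hardened() {
    if ( empty( $_GET['travelpayouts_redirect'] ) ) {
        return;
    }
    $target = esc_url_raw( wp_unslash( $_GET['travelpayouts_redirect'] ) );
    wp_safe_redirect( $target, 302 );
    exit;
}
add_action( 'template_redirect', 'demo_redirect_hardened' );

// If the feature genuinely needs to forward visitors to partner sites, name those hosts
// explicitly instead of weakening the check. 'partner.example' is a hypothetical domain.
add_filter( 'allowed_redirect_hosts', function ( array $hosts ) {
    $hosts[] = 'partner.example';
    return $hosts;
} );

// When the code needs the decision rather than the redirect itself (for example to log
// the rejected target), call the validator directly with an explicit fallback:
function demo_validated_target( string $candidate ): string {
    return wp_validate_redirect( esc_url_raw( $candidate ), home_url( '/' ) );
}
```

To confirm a fix, request the page with `travelpayouts_redirect=https://evil.example/`, `//evil.example/` and `javascript:alert(1)` and check that every response redirects to this site, not to the supplied value.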
CVE-2024-0858 - Innovs HR plugin (through 1.0.3.4)
Threat entry updated 2025-05-05

The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as adding them as employees.

HIGH (CVSS 8.8) - 2024-03-18
CVE-2024-0711 - Buttons Shortcode and Widget plugin (through 1.16)
Threat entry updated 2025-05-13

The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in the page or post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

MEDIUM (CVSS 6.1) - 2024-03-18
CVE-2024-0719 - Tabs Shortcode and Widget plugin (through 1.17)
Threat entry updated 2025-05-13

The Tabs Shortcode and Widget WordPress plugin through 1.17 does not validate and escape some of its shortcode attributes before outputting them back in the page or post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

MEDIUM (CVSS 5.4) - 2024-03-18
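An added example covering the shortcode-attribute XSS entries above (CVE-2023-6067, CVE-2024-0711 and CVE-2024-0719); it is not code from any of those plugins. The shortcode tags and attribute names are hypothetical. The important detail is that a contributor's post is filtered by kses on save, which strips tags but leaves attribute-breakout strings with no `<` untouched, so the shortcode handler is the last line of defence.

```php
<?php
// Added example, not code from the Buttons/Tabs Shortcode or WP User Profile Avatar
// plugins. Shortcode tags and attribute names are hypothetical.

// VULNERABLE: attribute values are dropped straight into markup. shortcode_atts() does
// discard unknown attributes (so onmouseover="..." as a separate attribute is ignored),
// but the value of a known attribute can still break out of its quotes:
//   [demo_button url='x" onmouseover="alert(1)']
// renders as <a href="x" onmouseover="alert(1)" class="">Click</a>. Kses does not stop
// this on save because the payload contains no HTML tag.
function demo_button_vulnerable( $atts ) {
    $a = shortcode_atts( array( 'url' => '#', 'label' => 'Click', 'class' => '' ), $atts );
    return '<a href="' . $a['url'] . '" class="' . $a['class'] . '">' . $a['label'] . '</a>';
}

// HARDENED: escape each value for the exact context it lands in.
function demo_button_hardened( $atts ) {
    $a = shortcode_atts(
        array( 'url' => '#', 'label' => 'Click', 'class' => '' ),
        $atts,
        'demo_button'
    );
    $url   = esc_url( $a['url'] );                         // URL context; drops javascript:/data:
    $class = esc_attr( sanitize_html_class( $a['class'] ) ); // one CSS class token, attribute-escaped
    $label = esc_html( $a['label'] );                      // text node
    return sprintf( '<a href="%s" class="demo-btn %s">%s</a>', $url, $class, $label );
}
add_shortcode( 'demo_button', 'demo_button_hardened' );

// Where an attribute or the enclosed content legitimately carries markup (a tab body),
// reduce it to the post-body tag set rather than trusting it: wp_kses_post() removes
// script, event handlers and unsafe URL schemes while keeping ordinary formatting.
function demo_tab_hardened( $atts, $content = '' ) {
    $a = shortcode_atts( array( 'title' => '' ), $atts, 'demo_tab' );
    return sprintf(
        '<div class="demo-tab"><h3>%s</h3><div class="demo-tab-body">%s</div></div>',
        esc_html( $a['title'] ),
        wp_kses_post( $content )
    );
}
add_shortcode( 'demo_tab', 'demo_tab_hardened' );

// Constructed check: run the breakout payload through both handlers in `wp shell`.
// demo_button_vulnerable( array( 'url' => 'x" onmouseover="alert(1)' ) ) contains onmouseover=
// demo_button_hardened(   array( 'url' => 'x" onmouseover="alert(1)' ) ) does not: the
//   quote is encoded and the value stays inside href.
```

The rule of thumb the fix applies: `esc_url()` for `href`/`src`, `esc_attr()` for any other attribute, `esc_html()` for text, and a kses allowlist only where markup is genuinely required; escaping once with the wrong function (for example `esc_html()` on a URL) still leaves `javascript:` intact.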
CVE-2024-0951 - Advanced Social Feeds Widget & Shortcode plugin (through 1.7)
Threat entry updated 2025-03-27

The Advanced Social Feeds Widget & Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

MEDIUM (CVSS 4.8) - 2024-03-18
CVE-2023-7236 - Backup Bolt plugin (through 1.3.0)
Threat entry updated 2025-05-05

The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Information Exposure because its debug log is not protected from direct access. This makes it possible for unauthenticated attackers to retrieve the debug log, which records system errors and may therefore contain sensitive information.

MEDIUM (CVSS 4.7) - 2024-03-18
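An added example for the two log-exposure entries above (CVE-2023-7232 and CVE-2023-7236); it is not code from either plugin. It shows one way to keep a plugin log away from unauthenticated requests: deny direct web access to the log directory, and serve the file only through a capability-checked, nonce-protected admin handler. Directory, file and action names are hypothetical.

```php
<?php
// Added example, not code from the Backup and Restore WordPress or Backup Bolt plugins.
// Directory, file, action and function names are hypothetical.

// Log directory under uploads, with direct access denied. nginx ignores .htaccess, so on
// nginx the same deny rule must be added to the server configuration (or the directory
// moved outside the document root, which is the better option where the host allows it).
function demo_log_dir(): string {
    $upload = wp_upload_dir();
    $dir    = trailingslashit( $upload['basedir'] ) . 'demo-backup-logs';
    if ( ! is_dir( $dir ) ) {
        wp_mkdir_p( $dir );
        $htaccess = "<IfModule mod_authz_core.c>\n    Require all denied\n</IfModule>\n"
                  . "<IfModule !mod_authz_core.c>\n    Deny from all\n</IfModule>\n";
        file_put_contents( $dir . '/.htaccess', $htaccess );
        file_put_contents( $dir . '/index.php', "<?php // silence is golden\n" ); // no listings
    }
    return $dir;
}

// Writing: the deny rule is a second line of defence, not a licence to log secrets.
// Never write credentials, API keys or whole configuration dumps.
function demo_log_write( string $line ): void {
    file_put_contents(
        demo_log_dir() . '/plugin.log',
        gmdate( 'c' ) . ' ' . $line . "\n",
        FILE_APPEND | LOCK_EX
    );
}

// Reading: authenticated, authorised, CSRF-protected, and pinned to one fixed path so no
// request parameter can steer the read elsewhere.
add_action( 'admin_post_demo_download_log', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', 403 );
    }
    check_admin_referer( 'demo_download_log' );   // nonce in _wpnonce, dies if invalid
    $path = demo_log_dir() . '/plugin.log';
    if ( ! is_file( $path ) ) {
        wp_die( 'No log file yet', 404 );
    }
    nocache_headers();
    header( 'Content-Type: text/plain; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="plugin.log"' );
    header( 'X-Content-Type-Options: nosniff' );
    readfile( $path );
    exit;
} );

// Link for the plugin's admin page; wp_nonce_url() attaches the nonce the handler checks.
function demo_log_download_link(): string {
    $url = wp_nonce_url( admin_url( 'admin-post.php?action=demo_download_log' ), 'demo_download_log' );
    return '<a href="' . esc_url( $url ) . '">Download log</a>';
}
```

To verify the deployment rather than the code, request `/wp-content/uploads/demo-backup-logs/plugin.log` without cookies: the expected answer is 403 (Apache) or whatever the nginx rule returns, never 200 with log content.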
CVE-2023-7167 - Persian Fonts plugin (through 1.6)
Threat entry updated 2025-05-01

The Persian Fonts WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

MEDIUM (CVSS 6.1) - 2024-02-27
CVE-2023-7074 - WP SOCIAL BOOKMARK MENU plugin (through 1.2)
Threat entry updated 2025-06-17

The WP SOCIAL BOOKMARK MENU WordPress plugin through 1.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

HIGH (CVSS 8.8) - 2024-01-29
CVE-2023-6946 - Autotitle for WordPress plugin (through 1.0.3)
Threat entry updated 2025-06-11

The Autotitle for WordPress plugin through 1.0.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

HIGH (CVSS 8.8) - 2024-01-29
CVE-2023-6390 - WordPress Users plugin (through 1.4)
Threat entry updated 2025-06-20

The WordPress Users WordPress plugin through 1.4 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

HIGH (CVSS 8.8) - 2024-01-29
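An added example serving two recurring entry types on this page: the settings-update CSRF entries (CVE-2024-2739, CVE-2024-2858, CVE-2024-0858, CVE-2023-7074, CVE-2023-6946, CVE-2023-6390) and the "stored XSS in settings even without unfiltered_html" entries (CVE-2024-1588, CVE-2024-1752, CVE-2024-1589, CVE-2024-0951, CVE-2023-7167). It is not code from any of those plugins; the option, field, action and function names are hypothetical. The two bugs compound: a settings handler without a nonce lets a cross-site form write an option, and a setting stored without sanitisation turns that write into a persistent script payload.

```php
<?php
// Added example, not code from any plugin listed on this page. Option, field, action and
// function names are hypothetical.

// VULNERABLE: no capability check, no nonce, no sanitisation, unescaped output. Any
// request reaching admin-post.php with a logged-in admin's cookies, including one fired
// by a hidden auto-submitting form on an attacker's page, rewrites the option; the value
// is then echoed raw, so the CSRF payload doubles as stored XSS against every visitor.
add_action( 'admin_post_demo_save_vulnerable', function () {
    update_option( 'demo_footer_html', $_POST['footer_html'] );
    wp_redirect( admin_url( 'options-general.php?page=demo' ) );
    exit;
} );
function demo_render_footer_vulnerable() {
    echo get_option( 'demo_footer_html', '' );
}

// HARDENED
// 1. Register the option with a sanitize callback. update_option() applies it through
//    sanitize_option() on every write made while the setting is registered, so the stored
//    value is filtered even if some other code path forgets. wp_kses_post() allows the post
//    body tag set, so admins without unfiltered_html (all admins on multisite) cannot
//    store <script> or on* handlers.
add_action( 'admin_init', function () {
    register_setting( 'demo_settings', 'demo_footer_html', array(
        'type'              => 'string',
        'sanitize_callback' => 'wp_kses_post',
        'default'           => '',
    ) );
} );

// 2. Render the form with a nonce bound to this specific action.
function demo_render_form(): void {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <?php wp_nonce_field( 'demo_save_settings', 'demo_nonce' ); ?>
        <input type="hidden" name="action" value="demo_save_hardened">
        <textarea name="footer_html"><?php echo esc_textarea( get_option( 'demo_footer_html', '' ) ); ?></textarea>
        <?php submit_button(); ?>
    </form>
    <?php
}

// 3. Handler: authorisation (capability) and CSRF (nonce) checks before any write.
add_action( 'admin_post_demo_save_hardened', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', 403 );
    }
    check_admin_referer( 'demo_save_settings', 'demo_nonce' );   // dies on a bad or missing nonce
    $raw = isset( $_POST['footer_html'] ) ? wp_unslash( $_POST['footer_html'] ) : '';
    update_option( 'demo_footer_html', $raw );   // sanitize_callback from step 1 runs here
    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php?page=demo' ) ) );
    exit;
} );

// 4. Output: filtered on save, and filtered again for the output context so a value that
//    entered the database by another route (import, direct SQL) is still neutralised.
function demo_render_footer_hardened(): void {
    echo wp_kses_post( get_option( 'demo_footer_html', '' ) );
}
```

A quick audit for both bugs in a plugin: every `admin_post_*`, `wp_ajax_*` and `admin_init` handler that calls `update_option()` should contain a `current_user_can()` call and a `check_admin_referer()` or `check_ajax_referer()` call, and every registered option that holds free text should name a `sanitize_callback`.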
CVE-2023-7089 - Easy SVG Allow plugin (through 1.0)
Threat entry updated 2025-06-20

The Easy SVG Allow WordPress plugin through 1.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

MEDIUM (CVSS 5.4) - 2024-01-29
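An added example (not the Easy SVG Allow plugin's code) of what enabling SVG uploads safely involves: an allowlist-based SVG filter hooked into the upload pipeline, plus a role restriction. The element allowlist, the hook callbacks and the function names are the editor's own; this is a teaching sketch of the technique, and a production site should prefer a maintained sanitiser and keep SVG upload limited to trusted roles.

```php
<?php
// Added example, not the Easy SVG Allow plugin's code. Allowlist and names are hypothetical.

// Elements kept; everything else (script, style, foreignObject, image, a, animate, set,
// iframe, ...) is removed together with its subtree.
const DEMO_SVG_ELEMENTS = array(
    'svg', 'g', 'defs', 'symbol', 'use', 'title', 'desc', 'path', 'rect', 'circle',
    'ellipse', 'line', 'polyline', 'polygon', 'text', 'tspan', 'linearGradient',
    'radialGradient', 'stop', 'clipPath', 'mask', 'pattern',
);

// Returns the filtered SVG, or null when the document must be rejected outright.
function demo_sanitize_svg( string $svg ): ?string {
    $prev = libxml_use_internal_errors( true );
    $dom  = new DOMDocument();
    $ok   = $dom->loadXML( $svg, LIBXML_NONET );   // no network fetches during parsing
    libxml_use_internal_errors( $prev );
    if ( ! $ok || null === $dom->documentElement || 'svg' !== $dom->documentElement->localName ) {
        return null;
    }
    if ( null !== $dom->doctype ) {
        return null;   // a DOCTYPE only serves entity tricks (XXE, entity expansion)
    }
    $xpath  = new DOMXPath( $dom );
    $remove = array();
    foreach ( $xpath->query( '//*' ) as $el ) {
        if ( ! in_array( $el->localName, DEMO_SVG_ELEMENTS, true ) ) {
            $remove[] = $el;
            continue;
        }
        $bad = array();   // collect first; the attribute map is live
        foreach ( $el->attributes as $attr ) {
            $name  = strtolower( $attr->localName );
            $value = trim( $attr->nodeValue );
            if ( 0 === strpos( $name, 'on' ) ) {                       // onload, onclick, ...
                $bad[] = $attr;
            } elseif ( in_array( $name, array( 'href', 'src' ), true )
                       && '#' !== substr( $value, 0, 1 ) ) {              // same-document refs only
                $bad[] = $attr;
            } elseif ( 'style' === $name
                       && preg_match( '/url\s*\(|expression|@import|javascript/i', $value ) ) {
                $bad[] = $attr;
            }
        }
        foreach ( $bad as $attr ) {
            $el->removeAttributeNode( $attr );
        }
    }
    foreach ( $remove as $el ) {
        if ( $el->parentNode ) {
            $el->parentNode->removeChild( $el );
        }
    }
    return $dom->saveXML();
}

// Allow the type, then filter or reject every SVG before it is moved into uploads.
add_filter( 'upload_mimes', function ( array $mimes ) {
    $mimes['svg'] = 'image/svg+xml';
    return $mimes;
} );
add_filter( 'wp_handle_upload_prefilter', function ( array $file ) {
    $is_svg = 'image/svg+xml' === $file['type'] || '.svg' === strtolower( substr( $file['name'], -4 ) );
    if ( ! $is_svg ) {
        return $file;
    }
    if ( ! current_user_can( 'manage_options' ) ) {   // not Authors: the role the CVE names
        $file['error'] = 'SVG upload is limited to administrators.';
        return $file;
    }
    $clean = demo_sanitize_svg( (string) file_get_contents( $file['tmp_name'] ) );
    if ( null === $clean ) {
        $file['error'] = 'The SVG could not be parsed safely and was rejected.';
        return $file;
    }
    file_put_contents( $file['tmp_name'], $clean );   // setting $file['error'] aborts the upload
    return $file;
} );

// Constructed sample for a manual check in `wp shell`:
// demo_sanitize_svg( '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)">'
//                  . '<script>alert(1)</script><circle r="5" fill="red"/></svg>' )
// returns an <svg> with no onload attribute and no <script>, the circle intact.
```

Two caveats a reviewer would raise even with a sanitiser in place: browsers execute script in an SVG only when it is loaded as a document (direct URL, `<iframe>`, `<object>`), not through `<img>`, so serving uploads with `Content-Disposition: attachment` or from a separate origin removes most of the impact; and the upload path is only one way in, so the same filter has to cover any REST or AJAX endpoint that writes media.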