Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Threat Entry Updated 2025-06-09

CVE-2023-5956 - Through 1 Plugin

The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVE-2023-5956

MEDIUM CVSS 4.8 2024-01-29
Threat Entry Updated 2025-05-30

CVE-2023-7194 - Through 1 Theme

The Meris WordPress theme through 1.1.2 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CVE-2023-7194

MEDIUM CVSS 6.1 2024-01-22
Threat Entry Updated 2025-06-20

CVE-2023-4703 - Through 1 Plugin

The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation.

CVE-2023-4703

HIGH CVSS 7.5 2024-01-16
Threat Entry Updated 2025-06-11

CVE-2023-3211 - Through 1 Plugin

The WordPress Database Administrator WordPress plugin through 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

CVE-2023-3211

CRITICAL CVSS 9.8 2024-01-16
Threat Entry Updated 2025-06-02

CVE-2023-2655 - Through 1 Plugin

The Contact Form by WD WordPress plugin through 1.13.23 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

CVE-2023-2655

HIGH CVSS 7.2 2024-01-16
Threat Entry Updated 2024-11-21

CVE-2023-0094 - Through 1 Plugin

The UpQode Google Maps WordPress plugin through 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE-2023-0094

MEDIUM CVSS 5.4 2024-01-16
Threat Entry Updated 2024-11-21

CVE-2021-24567 - Through 1 Plugin

The Simple Post WordPress plugin through 1.1 does not sanitise the Text value submitted by an authenticated user, and then does not escape that value when outputting it to the browser, leading to an Authenticated Stored Cross-Site Scripting issue.

CVE-2021-24567

MEDIUM CVSS 5.4 2024-01-16
Threat Entry Updated 2025-06-20

CVE-2023-6941 - Through 1 Plugin

The Keap Official Opt-in Forms WordPress plugin through 1.0.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).

CVE-2023-6941

MEDIUM CVSS 4.8 2024-01-15
Threat Entry Updated 2025-05-12

CVE-2023-6066 - Through 1 Plugin

The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site.

CVE-2023-6066

MEDIUM CVSS 4.3 2024-01-15
Threat Entry Updated 2025-06-18

CVE-2023-6532 - Through 1 Plugin

The WP Blogs' Planetarium WordPress plugin through 1.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

CVE-2023-6532

HIGH CVSS 8.8 2024-01-08
Threat Entry Updated 2025-06-18

CVE-2023-5957 - Through 1 Plugin

The Ni Purchase Order (PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privilege users to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell.

CVE-2023-5957

HIGH CVSS 7.2 2024-01-08
Threat Entry Updated 2024-11-21

CVE-2023-4311 - Through 1 Plugin

The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode.

CVE-2023-4311

HIGH CVSS 8.8 2023-12-18
Threat Entry Updated 2024-11-21

CVE-2023-5940 - Through 1 Plugin

The WP Not Login Hide (WPNLH) WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVE-2023-5940

MEDIUM CVSS 4.8 2023-12-11
Threat Entry Updated 2024-11-21

CVE-2023-5108 - Through 1 Plugin

The Easy Newsletter Signups WordPress plugin through 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

CVE-2023-5108

HIGH CVSS 7.2 2023-12-04
Threat Entry Updated 2024-11-21

CVE-2023-5141 - Through 1 Plugin

The BSK Contact Form 7 Blacklist WordPress plugin through 1.0.1 does not sanitise and escape the inserted_count parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CVE-2023-5141

MEDIUM CVSS 6.1 2023-12-04
Threat Entry Updated 2024-11-21

CVE-2023-4460 - Through 1 Plugin

The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

CVE-2023-4460

MEDIUM CVSS 5.4 2023-12-04
Threat Entry Updated 2025-05-29

CVE-2023-5137 - Through 1 Plugin

The Simply Excerpts WordPress plugin through 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).

CVE-2023-5137

MEDIUM CVSS 4.8 2023-12-04
Threat Entry Updated 2024-11-21

CVE-2023-5653 - Through 1 Plugin

The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP addresses provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged-in admins.

CVE-2023-5653

MEDIUM CVSS 6.1 2023-11-27
Threat Entry Updated 2024-11-21

CVE-2023-2707 - Through 1 Plugin

The gAppointments WordPress plugin through 1.9.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVE-2023-2707

MEDIUM CVSS 4.8 2023-11-27
Threat Entry Updated 2025-02-26

CVE-2023-4858 - Through 1 Plugin

The Simple Table Manager WordPress plugin through 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVE-2023-4858

MEDIUM CVSS 4.8 2023-11-06