
"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 563
Critical: 20
High: 112
Medium: 421
Showing 281-300 of 563 records
Threat Entry Updated 2025-04-23

CVE-2023-5177 - Through 1 Plugin

The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the full path of a file when a non-existent file is supplied in a parameter of the shortcode.

PLUGIN Through 1

CVE-2023-5177

MEDIUM CVSS 5.3 2023-10-16
Threat Entry Updated 2025-04-23

CVE-2023-3547 - Through 1 Plugin

The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks.

PLUGIN Through 1

CVE-2023-3547

HIGH CVSS 8.8 2023-09-25
Threat Entry Updated 2024-11-21

CVE-2023-3664 - Through 1 Plugin

The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server.

PLUGIN Through 1

CVE-2023-3664

HIGH CVSS 7.2 2023-09-25
Threat Entry Updated 2025-04-23

CVE-2023-4307 - Through 1 Plugin

The Lock User Account WordPress plugin through 1.0.3 does not have a CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged-in admins lock and unlock arbitrary users via a CSRF attack.

PLUGIN Through 1

CVE-2023-4307

MEDIUM CVSS 4.3 2023-09-11
Threat Entry Updated 2024-11-21

CVE-2023-3510 - Through 1 Plugin

The FTP Access WordPress plugin through 1.0 does not have authorisation and CSRF checks when updating its settings and is missing sanitisation as well as escaping in them, allowing any authenticated user, such as a subscriber, to update them with XSS payloads, which will be triggered when an admin views the settings of the plugin. The attack could also be performed via CSRF against any authenticated user.

PLUGIN Through 1

CVE-2023-3510

MEDIUM CVSS 5.4 2023-09-11
Threat Entry Updated 2024-11-21

CVE-2023-2813 - Through 1 Theme

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable…

THEME Through 1

CVE-2023-2813

MEDIUM CVSS 6.1 2023-09-04
Threat Entry Updated 2025-05-05

CVE-2023-4023 - Through 1 Plugin

The All Users Messenger WordPress plugin through 1.24 does not prevent non-administrator users from deleting messages from the all-users messenger.

PLUGIN Through 1

CVE-2023-4023

MEDIUM CVSS 4.3 2023-08-30
Threat Entry Updated 2024-11-21

CVE-2023-2225 - Through 1 Plugin

The SEO ALert WordPress plugin through 1.59 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

PLUGIN Through 1

CVE-2023-2225

MEDIUM CVSS 4.8 2023-08-16
Threat Entry Updated 2024-11-21

CVE-2023-3492 - Through 1 Plugin

The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Through 1

CVE-2023-3492

MEDIUM CVSS 6.8 2023-08-07
Threat Entry Updated 2024-11-21

CVE-2023-0602 - Through 1 Plugin

The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative pages, which allows reflected XSS attacks targeting administrators.

PLUGIN Through 1

CVE-2023-0602

MEDIUM CVSS 6.1 2023-07-31
Threat Entry Updated 2025-05-05

CVE-2023-3041 - Through 1 Plugin

The Autochat Automatic Conversation WordPress plugin through 1.1.7 does not sanitise and escape user input before outputting it back on the page, leading to a Cross-Site Scripting attack.

PLUGIN Through 1

CVE-2023-3041

MEDIUM CVSS 6.1 2023-07-17
Threat Entry Updated 2024-11-21

CVE-2023-2579 - Through 1 Plugin

The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-2579

MEDIUM CVSS 5.4 2023-07-17
Threat Entry Updated 2024-11-21

CVE-2023-2143 - Through 1 Plugin

The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability.

PLUGIN Through 1

CVE-2023-2143

MEDIUM CVSS 5.4 2023-07-17
Threat Entry Updated 2024-11-21

CVE-2023-2026 - Through 1 Plugin

The Image Protector WordPress plugin through 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

PLUGIN Through 1

CVE-2023-2026

MEDIUM CVSS 4.8 2023-07-10
Threat Entry Updated 2024-11-21

CVE-2023-2333 - Through 1 Plugin

The Ninja Forms Google Sheet Connector WordPress plugin before 1.2.7 and the gsheetconnector-ninja-forms-pro WordPress plugin through 1.2.7 do not escape a parameter before outputting it back in an attribute, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admin.

PLUGIN Through 1

CVE-2023-2333

MEDIUM CVSS 6.1 2023-07-04
Threat Entry Updated 2024-11-21

CVE-2023-2324 - Through 1 Plugin

The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7 and the gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 do not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admin.

PLUGIN Through 1

CVE-2023-2324

MEDIUM CVSS 6.1 2023-07-04
Threat Entry Updated 2024-11-21

CVE-2023-2482 - Through 1 Plugin

The Responsive CSS EDITOR WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin.

PLUGIN Through 1

CVE-2023-2482

HIGH CVSS 7.2 2023-06-27
Threat Entry Updated 2024-11-21

CVE-2023-2326 - Through 1 Plugin

The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5 and the gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 do not have a CSRF check when updating the Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack.

PLUGIN Through 1

CVE-2023-2326

MEDIUM CVSS 6.5 2023-06-27
Threat Entry Updated 2024-12-12

CVE-2023-2492 - Through 1 Plugin

The QueryWall: Plug'n Play Firewall WordPress plugin through 1.1.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin.

PLUGIN Through 1

CVE-2023-2492

HIGH CVSS 7.2 2023-06-19
Threat Entry Updated 2024-12-12

CVE-2023-2751 - Through 1 Plugin

The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site.

PLUGIN Through 1

CVE-2023-2751

MEDIUM CVSS 5.3 2023-06-19