
"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 563
Critical: 20
High: 112
Medium: 421
Showing 301-320 of 563 records
Threat Entry Updated 2024-11-21

CVE-2023-0489 - Through 1 Plugin

The SlideOnline WordPress plugin through 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-0489

MEDIUM CVSS 5.4 2023-06-19
Threat Entry Updated 2024-12-12

CVE-2023-0368 - Through 1 Plugin

The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-0368

MEDIUM CVSS 5.4 2023-06-19
Threat Entry Updated 2025-01-08

CVE-2023-2634 - Through 1 Plugin

The Get your number WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

PLUGIN Through 1

CVE-2023-2634

MEDIUM CVSS 4.8 2023-06-05
Threat Entry Updated 2025-01-08

CVE-2023-0900 - Through 1 Plugin

The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.

PLUGIN Through 1

CVE-2023-0900

HIGH CVSS 7.2 2023-06-05
Threat Entry Updated 2025-01-10

CVE-2023-2470 - Through 1 Plugin

The Add to Feedly WordPress plugin through 1.2.11 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PLUGIN Through 1

CVE-2023-2470

MEDIUM CVSS 4.8 2023-05-30
Threat Entry Updated 2025-01-10

CVE-2023-0766 - Through 1 Plugin

The Newsletter Popup WordPress plugin through 1.2 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, as the wp_newsletter_show_localrecord page is not protected with a nonce.

PLUGIN Through 1

CVE-2023-0766

HIGH CVSS 8.8 2023-05-30
Threat Entry Updated 2025-01-10

CVE-2023-0733 - Through 1 Plugin

The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-0733

MEDIUM CVSS 6.1 2023-05-30
Threat Entry Updated 2025-01-24

CVE-2023-2179 - Through 1 Plugin

The WooCommerce Order Status Change Notifier WordPress plugin through 1.1.0 does not have authorisation and CSRF checks when updating order statuses via an AJAX action available to any authenticated user, which could allow low-privilege users such as subscribers to update arbitrary order statuses, for example marking orders as paid without actually paying for them.

PLUGIN Through 1

CVE-2023-2179

MEDIUM CVSS 6.5 2023-05-15
Threat Entry Updated 2025-01-24

CVE-2023-1019 - Through 1 Plugin

The Help Desk WP WordPress plugin through 1.2.0 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-1019

MEDIUM CVSS 5.4 2023-05-15
Threat Entry Updated 2025-01-14

CVE-2023-2009 - Through 1 Plugin

The Pretty Url WordPress plugin through 1.5.4 does not sanitize and escape the URL field in its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

PLUGIN Through 1

CVE-2023-2009

MEDIUM CVSS 4.8 2023-05-15
Threat Entry Updated 2025-01-24

CVE-2023-0892 - Through 1 Plugin

The BizLibrary WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

PLUGIN Through 1

CVE-2023-0892

MEDIUM CVSS 4.8 2023-05-15
Threat Entry Updated 2025-01-24

CVE-2023-0520 - Through 1 Plugin

The RapidExpCart WordPress plugin through 1.0 does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin. Furthermore, the lack of CSRF protection means an attacker can trick a logged-in admin into performing the attack by submitting a hidden form.

PLUGIN Through 1

CVE-2023-0520

MEDIUM CVSS 5.4 2023-05-15
Threat Entry Updated 2025-01-14

CVE-2023-0490 - Through 1 Plugin

The f(x) TOC WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-0490

MEDIUM CVSS 5.4 2023-05-15
Threat Entry Updated 2025-01-29

CVE-2023-1408 - Through 1 Plugin

The Video List Manager WordPress plugin through 1.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin.

PLUGIN Through 1

CVE-2023-1408

HIGH CVSS 7.2 2023-05-08
Threat Entry Updated 2025-01-29

CVE-2023-0894 - Through 1 Plugin

The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

PLUGIN Through 1

CVE-2023-0894

MEDIUM CVSS 4.8 2023-05-08
Threat Entry Updated 2025-02-04

CVE-2023-0522 - Through 1 Plugin

The Enable/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN Through 1

CVE-2023-0522

MEDIUM CVSS 6.5 2023-05-08
Threat Entry Updated 2025-02-04

CVE-2023-0514 - Through 1 Plugin

The Membership Database WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin.

PLUGIN Through 1

CVE-2023-0514

MEDIUM CVSS 6.1 2023-05-08
Threat Entry Updated 2025-05-05

CVE-2023-0421 - Through 1 Plugin

The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged-in admin into triggering an XSS payload by clicking a link.

PLUGIN Through 1

CVE-2023-0421

MEDIUM CVSS 6.1 2023-05-08
Threat Entry Updated 2025-02-04

CVE-2023-0542 - Through 1 Plugin

The Custom Post Type List Shortcode WordPress plugin through 1.4.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-0542

MEDIUM CVSS 5.4 2023-05-08
Threat Entry Updated 2025-01-29

CVE-2023-0537 - Through 1 Plugin

The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-0537

MEDIUM CVSS 5.4 2023-05-08