"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 563
Critical: 20
High: 112
Medium: 421
Showing 321-340 of 563 records
Threat Entry Updated 2025-01-30

CVE-2023-1861 - Through 1 Plugin

The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated user, such as a subscriber, to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-1861

MEDIUM CVSS 5.4 2023-05-02
Threat Entry Updated 2025-01-30

CVE-2023-0924 - Through 1 Plugin

The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user (such as an Administrator) to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install.

PLUGIN Through 1

CVE-2023-0924

HIGH CVSS 7.2 2023-05-02
Threat Entry Updated 2025-02-04

CVE-2023-1020 - Through 1 Plugin

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

PLUGIN Through 1

CVE-2023-1020

CRITICAL CVSS 9.8 2023-04-24
Threat Entry Updated 2025-02-04

CVE-2023-0899 - Through 1 Plugin

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before outputting it back in the Shoutbox, leading to Stored Cross-Site Scripting which could be used against high privilege users such as admins.

PLUGIN Through 1

CVE-2023-0899

MEDIUM CVSS 6.1 2023-04-24
Threat Entry Updated 2025-02-04

CVE-2023-0424 - Through 1 Plugin

The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow any authenticated user, such as a Subscriber, to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-0424

MEDIUM CVSS 5.4 2023-04-24
Threat Entry Updated 2025-02-04

CVE-2023-0418 - Through 1 Plugin

The Video Central for WordPress plugin through 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-0418

MEDIUM CVSS 5.4 2023-04-24
Threat Entry Updated 2025-02-04

CVE-2023-0420 - Through 1 Plugin

The Custom Post Type and Taxonomy GUI Manager WordPress plugin through 1.1 does not have CSRF checks, and lacks sanitising as well as escaping in some parameters, allowing attackers to make a logged-in admin store Cross-Site Scripting payloads via CSRF.

PLUGIN Through 1

CVE-2023-0420

MEDIUM CVSS 4.8 2023-04-24
Threat Entry Updated 2025-02-11

CVE-2023-1426 - Through 1 Plugin

The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft/private, allowing any authenticated user, such as a subscriber, to retrieve the titles of draft and private posts, for example. An attacker could also retrieve the title of any other type of post.

PLUGIN Through 1

CVE-2023-1426

MEDIUM CVSS 6.5 2023-04-10
Threat Entry Updated 2025-05-05

CVE-2023-0422 - Through 1 Plugin

The Article Directory WordPress plugin through 1.3 does not properly sanitize the `publish_terms_text` setting before displaying it in the administration panel, which may enable administrators to conduct Stored XSS attacks in multisite contexts.

PLUGIN Through 1

CVE-2023-0422

MEDIUM CVSS 4.8 2023-04-10
Threat Entry Updated 2025-05-05

CVE-2023-0589 - Through 1 Plugin

The WP Image Carousel WordPress plugin through 1.0.2 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-0589

MEDIUM CVSS 5.4 2023-03-27
Threat Entry Updated 2025-02-19

CVE-2023-0505 - Through 1 Plugin

The Ever Compare WordPress plugin through 1.2.3 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack.

PLUGIN Through 1

CVE-2023-0505

MEDIUM CVSS 4.3 2023-03-27
Threat Entry Updated 2025-02-19

CVE-2023-0502 - Through 1 Plugin

The WP News WordPress plugin through 1.1.9 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack.

PLUGIN Through 1

CVE-2023-0502

MEDIUM CVSS 6.5 2023-03-27
Threat Entry Updated 2025-02-19

CVE-2023-0395 - Through 1 Plugin

The menu shortcode WordPress plugin through 1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-0395

MEDIUM CVSS 5.4 2023-03-27
Threat Entry Updated 2025-02-26

CVE-2023-0370 - Through 1 Plugin

The WPB Advanced FAQ WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-0370

MEDIUM CVSS 5.4 2023-03-20
Threat Entry Updated 2025-02-26

CVE-2023-0365 - Through 1 Plugin

The React Webcam WordPress plugin through 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-0365

MEDIUM CVSS 5.4 2023-03-20
Threat Entry Updated 2025-02-26

CVE-2023-0175 - Through 1 Plugin

The Responsive Clients Logo Gallery Plugin for WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-0175

MEDIUM CVSS 5.4 2023-03-20
Threat Entry Updated 2025-02-26

CVE-2023-0145 - Through 1 Plugin

The Saan World Clock WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-0145

MEDIUM CVSS 5.4 2023-03-20
Threat Entry Updated 2025-03-06

CVE-2023-0165 - Through 1 Plugin

The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-0165

MEDIUM CVSS 5.4 2023-03-06
Threat Entry Updated 2025-03-06

CVE-2023-0068 - Through 1 Plugin

The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-0068

MEDIUM CVSS 5.4 2023-03-06
Threat Entry Updated 2024-11-21

CVE-2023-0065 - Through 1 Plugin

The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-0065

MEDIUM CVSS 5.4 2023-03-06