"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 563
Critical: 20
High: 112
Medium: 421
Showing 341-360 of 563 records
Threat Entry Updated 2025-03-06

CVE-2023-0063 - Through 1 Plugin

The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-0063

MEDIUM CVSS 5.4 2023-03-06
Threat Entry Updated 2025-03-10

CVE-2023-0331 - Through 1 Plugin

The Correos Oficial WordPress plugin through 1.2.0.2 does not perform an authorization check or validate user input when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server.

PLUGIN Through 1

CVE-2023-0331

HIGH CVSS 7.5 2023-02-27
Threat Entry Updated 2025-03-18

CVE-2023-0168 - Through 1 Plugin

The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-0168

MEDIUM CVSS 5.4 2023-02-27
Threat Entry Updated 2025-03-25

CVE-2023-0153 - Through 1 Plugin

The Vimeo Video Autoplay Automute WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-0153

MEDIUM CVSS 5.4 2023-02-06
Threat Entry Updated 2025-03-25

CVE-2023-0146 - Through 1 Plugin

The Naver Map WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-0146

MEDIUM CVSS 5.4 2023-02-06
Threat Entry Updated 2025-05-07

CVE-2022-3393 - Through 1 Plugin

The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to CSV injection.

PLUGIN Through 1

CVE-2022-3393

CRITICAL CVSS 9.8 2022-10-25
Threat Entry Updated 2025-05-07

CVE-2022-3392 - Through 1 Plugin

The WP Humans.txt WordPress plugin through 1.0.6 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

PLUGIN Through 1

CVE-2022-3392

MEDIUM CVSS 4.8 2022-10-25
Threat Entry Updated 2024-11-21

CVE-2022-2350 - Through 1 Plugin

The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will.

PLUGIN Through 1

CVE-2022-2350

MEDIUM CVSS 5.3 2022-10-10
Threat Entry Updated 2024-11-21

CVE-2021-25044 - Through 1 Plugin

The Cryptocurrency Pricing list and Ticker WordPress plugin through 1.5 does not sanitise and escape the ccpw_setpage parameter before outputting it back in pages where its shortcode is embedded, leading to a Reflected Cross-Site Scripting issue.

PLUGIN Through 1

CVE-2021-25044

MEDIUM CVSS 6.1 2022-10-10
Threat Entry Updated 2025-05-22

CVE-2022-3098 - Through 1 Plugin

The Login Block IPs WordPress plugin through 1.0.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN Through 1

CVE-2022-3098

MEDIUM CVSS 4.3 2022-09-26
Threat Entry Updated 2025-05-22

CVE-2022-3025 - Through 1 Plugin

The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does not have any CSRF check when saving its settings, allowing an attacker to make a logged-in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues.

PLUGIN Through 1

CVE-2022-3025

MEDIUM CVSS 5.4 2022-09-26
Threat Entry Updated 2025-05-22

CVE-2022-3024 - Through 1 Plugin

The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues.

PLUGIN Through 1

CVE-2022-3024

MEDIUM CVSS 5.4 2022-09-26
Threat Entry Updated 2024-11-21

CVE-2022-2754 - Through 1 Plugin

The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks.

PLUGIN Through 1

CVE-2022-2754

CRITICAL CVSS 9.8 2022-09-19
Threat Entry Updated 2024-11-21

CVE-2022-2753 - Through 1 Plugin

The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not sanitise and escape some of the reservation user inputs, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against a logged-in admin viewing the malicious reservation made.

PLUGIN Through 1

CVE-2022-2753

MEDIUM CVSS 6.1 2022-09-19
Threat Entry Updated 2025-06-03

CVE-2022-2912 - Through 1 Plugin

The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged-in admin change the url value, performing unwanted crawls on third-party sites (SSRF).

PLUGIN Through 1

CVE-2022-2912

MEDIUM CVSS 4.3 2022-09-16
Threat Entry Updated 2025-06-05

CVE-2022-2669 - Through 1 Plugin

The WP Taxonomy Import WordPress plugin through 1.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting.

PLUGIN Through 1

CVE-2022-2669

MEDIUM CVSS 6.1 2022-09-16
Threat Entry Updated 2024-11-21

CVE-2022-25811 - Through 1 Plugin

The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection.

PLUGIN Through 1

CVE-2022-25811

HIGH CVSS 7.2 2022-08-22
Threat Entry Updated 2024-11-21

CVE-2022-25810 - Through 1 Plugin

The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such as “tp_reset” under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable this way, which involves resetting configurations and backup/restore operations.

PLUGIN Through 1

CVE-2022-25810

MEDIUM CVSS 6.5 2022-08-22
Threat Entry Updated 2024-11-21

CVE-2022-1322 - Through 1 Plugin

The Coming Soon - Under Construction WordPress plugin through 1.1.9 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

PLUGIN Through 1

CVE-2022-1322

MEDIUM CVSS 4.8 2022-08-22
Threat Entry Updated 2024-11-21

CVE-2022-2381 - Through 1 Plugin

The E Unlocked - Student Result WordPress plugin through 1.0.4 lacks CSRF checks and validation when uploading the School logo, which could allow attackers to make a logged-in admin upload arbitrary files, such as PHP, via a CSRF attack.

PLUGIN Through 1

CVE-2022-2381

HIGH CVSS 8.8 2022-08-15