Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-06-12
CVE-2024-8701 - Through 1 Plugin
The events-calendar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Through 1
CVE-2024-8701
Risk Score
Threat Entry
Updated 2025-05-27
CVE-2024-8095 - Through 1 Plugin
The BabelZ WordPress plugin through 1.1.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
PLUGIN
Through 1
CVE-2024-8095
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-8085 - Through 1 Plugin
The PeoplePond WordPress plugin through 1.1.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
PLUGIN
Through 1
CVE-2024-8085
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-8032 - Through 1 Plugin
The Smooth Gallery Replacement WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
PLUGIN
Through 1
CVE-2024-8032
Risk Score
Threat Entry
Updated 2025-06-11
CVE-2024-7769 - Through 1 Plugin
The ClickSold IDX WordPress plugin through 1.90 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Through 1
CVE-2024-7769
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-8050 - Through 1 Plugin
The Custom Author Base WordPress plugin through 1.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Through 1
CVE-2024-8050
Risk Score
Threat Entry
Updated 2025-05-27
CVE-2024-6718 - Through 1 Plugin
The PVN Auth Popup WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
PLUGIN
Through 1
CVE-2024-6718
Risk Score
Threat Entry
Updated 2025-06-09
CVE-2024-6798 - Through 1 Plugin
The DL Verification WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Through 1
CVE-2024-6798
Risk Score
Threat Entry
Updated 2026-01-02
CVE-2024-6797 - Through 1 Plugin
The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Through 1
CVE-2024-6797
Risk Score
Threat Entry
Updated 2025-06-11
CVE-2024-6713 - Through 1 Plugin
The PVN Auth Popup WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Through 1
CVE-2024-6713
Risk Score
Threat Entry
Updated 2025-06-04
CVE-2024-6668 - Through 1 Plugin
The ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks
PLUGIN
Through 1
CVE-2024-6668
Risk Score
Threat Entry
Updated 2025-06-11
CVE-2024-6462 - Through 1 Plugin
The DL Yandex Metrika WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Through 1
CVE-2024-6462
Risk Score
Threat Entry
Updated 2025-06-10
CVE-2024-13828 - Through 1 Plugin
The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 1
CVE-2024-13828
Risk Score
Threat Entry
Updated 2025-06-10
CVE-2024-13823 - Through 1 Plugin
The 360 Product Rotation WordPress plugin through 1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.
PLUGIN
Through 1
CVE-2024-13823
Risk Score
Threat Entry
Updated 2025-06-09
CVE-2024-12873 - Through 1 Plugin
The Custom Field Manager WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 1
CVE-2024-12873
Risk Score
Threat Entry
Updated 2025-06-09
CVE-2024-12874 - Through 1 Plugin
The Top Comments WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Through 1
CVE-2024-12874
Risk Score
Threat Entry
Updated 2025-05-22
CVE-2024-12735 - Through 1 Plugin
The Advance Post Prefix WordPress plugin through 1.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins and above to perform SQL injection attacks
PLUGIN
Through 1
CVE-2024-12735
Risk Score
Threat Entry
Updated 2025-05-22
CVE-2024-12734 - Through 1 Plugin
The Advance Post Prefix WordPress plugin through 1.1.1, Advance Post Prefix WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 1
CVE-2024-12734
Risk Score
Threat Entry
Updated 2025-05-22
CVE-2024-12733 - Through 1 Plugin
The AffiliateImporterEb WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 1
CVE-2024-12733
Risk Score
Threat Entry
Updated 2025-05-22
CVE-2024-12732 - Through 1 Plugin
The AffiliateImporterEb WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 1
CVE-2024-12732
Risk Score