Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total 563 records: Critical 20, High 112, Medium 421
Showing 81-100 of 563 records
Threat Entry Updated 2025-06-12

CVE-2023-7088 (WordPress plugin)

The Add SVG Support for Media Uploader | inventivo WordPress plugin through 1.0.5 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

Severity: MEDIUM (CVSS 5.4) | 2025-05-15
Threat Entry Updated 2025-06-11

CVE-2023-7196 (WordPress plugin)

The Ultimate Noindex Nofollow Tool WordPress plugin through 1.1.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

Severity: MEDIUM (CVSS 4.3) | 2025-05-15
Threat Entry Updated 2025-06-11

CVE-2023-7195 (WordPress plugin)

The WP-Reply Notify WordPress plugin through 1.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

Severity: MEDIUM (CVSS 4.3) | 2025-05-15
Threat Entry Updated 2025-06-11

CVE-2023-6783 (WordPress plugin)

The WolfNet IDX for WordPress plugin through 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Severity: MEDIUM (CVSS 4.8) | 2025-05-15
Threat Entry Updated 2025-05-28

CVE-2024-13926 (WordPress plugin)

The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking issue in the regular expression processing to cause a DoS.

Severity: HIGH (CVSS 7.5) | 2025-04-19
Threat Entry Updated 2025-05-15

CVE-2024-13896 (WordPress plugin)

The WP-GeSHi-Highlight — rock-solid syntax highlighting for 259 languages WordPress plugin through 1.4.3 processes user-supplied input as a regular expression via the wp_geshi_filter_replace_code() function, which could lead to a Regular Expression Denial of Service (ReDoS) issue.

Severity: MEDIUM (CVSS 6.5) | 2025-04-10
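The two entries above (CVE-2024-13926 and CVE-2024-13896) are the two usual shapes of a PHP ReDoS: user text concatenated into a pattern, and a pattern whose nested quantifiers backtrack exponentially. The following is an added example, not code from WP-Syntax or WP-GeSHi-Highlight; it is plain PHP 8 that runs from the CLI, and the marker syntax, the `<pre` pattern and the size cap are this example's own assumptions, not the affected plugins' regexes.

```php
<?php
declare(strict_types=1);
// Added example (not the listed plugins' code). Run: php redos_demo.php

// --- Defect 1: user-controlled text becomes part of the pattern -------------
// $label is chosen by the post author, so the author chooses the regex. A
// pathological label such as "(a+)+$" is theirs to supply, and a "/" in it
// ends the delimiter early.
function restore_block_vulnerable(string $content, string $label, string $code): ?string
{
    return preg_replace('/\[' . $label . '\]/', $code, $content);
}

// Fix: a literal token needs no regex at all. Where a pattern is unavoidable,
// preg_quote($label, '/') makes the text match literally, and the replacement
// should go through preg_replace_callback() so "$1"/"\\1" inside $code are
// not interpreted as backreferences.
function restore_block_fixed(string $content, string $label, string $code): string
{
    return str_replace('[' . $label . ']', $code, $content);
}

// --- Defect 2: nested quantifiers over ambiguous tokens ---------------------
// (\w+\s*)* can carve one long run of word characters into exponentially many
// token splits; when the closing ">" never comes, PCRE tries them all.
function has_pre_tag_vulnerable(string $html): bool
{
    // preg_match() returns false on a PCRE error; the cast turns that into "no match".
    return (bool) preg_match('/<pre\s+(\w+\s*)*>/', $html);
}

function has_pre_tag_fixed(string $html): bool
{
    // Bound what the regex sees (assumed cap), make each loop iteration atomic
    // so a token has exactly one way to match, and surface PCRE errors instead
    // of swallowing them.
    if (strlen($html) > 64 * 1024) {
        throw new LengthException('content too large to highlight');
    }
    $r = preg_match('/<pre\s+(?>\w+\s*)*>/', $html);
    if ($r === false) {
        throw new RuntimeException('regex failure: ' . preg_last_error_msg());
    }
    return $r === 1;
}

if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    // Constructed inputs.
    $content = 'intro [code-1] outro';
    $code    = '<pre>$1 is kept</pre>';
    echo restore_block_vulnerable($content, 'code-1', $code), PHP_EOL; // "$1" eaten as a backreference
    echo restore_block_fixed($content, 'code-1', $code), PHP_EOL;      // code restored verbatim
    echo restore_block_vulnerable($content, '.*', 'X'), PHP_EOL;       // label interpreted as a pattern: "intro X outro"
    echo restore_block_fixed($content, '.*', 'X'), PHP_EOL;            // unchanged: there is no literal "[.*]"

    // 40 word characters, then "!" so the ">" can never close the tag. The ">"
    // must be present: PCRE skips the match outright if a required literal is
    // absent from the subject, which would hide the problem in a demo.
    $evil = '<pre ' . str_repeat('a', 40) . '!>';
    $t = microtime(true);
    var_dump(has_pre_tag_vulnerable($evil));   // bool(false), after burning pcre.backtrack_limit steps
    printf("vulnerable: %.3fs, pcre error: %s\n", microtime(true) - $t, preg_last_error_msg());
    $t = microtime(true);
    var_dump(has_pre_tag_fixed($evil));        // bool(false), linear time
    printf("fixed: %.3fs\n", microtime(true) - $t);
    var_dump(has_pre_tag_fixed('<pre class lang>'));  // bool(true)
}
```

Two things the demo makes visible that the one-line CVE text does not. PHP does cap a single `preg_*` call at `pcre.backtrack_limit` (1,000,000 by default), so one poisoned block costs milliseconds, not minutes; the DoS is the multiplication across the "large number of tags" the entry mentions, and hosts that raise the limit lose even that cap. And the vulnerable version never learns it failed: `false` is cast to "no match", so the error is invisible in logs.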
Threat Entry Updated 2025-04-22

CVE-2024-8243 (WordPress plugin)

The WordPress/Plugin Upgrade Time Out Plugin WordPress plugin through 1.0 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

Severity: MEDIUM (CVSS 6.3) | 2025-04-09
Threat Entry Updated 2025-04-29

CVE-2025-2279 (WordPress plugin)

The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Severity: MEDIUM (CVSS 5.9) | 2025-04-04
Threat Entry Updated 2025-06-25

CVE-2024-11847 (WordPress plugin)

The wp-svg-upload WordPress plugin through 1.0.0 does not sanitize SVG file contents, which enables users with at least the Author role to upload SVG files containing malicious JavaScript and conduct Stored XSS attacks.

Severity: MEDIUM (CVSS 4.8) | 2025-03-26
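CVE-2024-11847 above and CVE-2023-7088 earlier in this list share one root cause: the plugin lets an Author upload an SVG and never looks inside it, and an SVG is an XML document that can carry `<script>`, event-handler attributes and `javascript:` links. The following is an added example, not code from either plugin. The scan is plain PHP 8 (DOMDocument) and runs from the CLI on the constructed samples at the bottom; the element and attribute deny-lists and the `wp_handle_upload_prefilter` wiring are this example's own choices.

```php
<?php
declare(strict_types=1);
// Added example (not the listed plugins' code). Run: php svg_scan.php

/**
 * Reasons the SVG is unsafe to serve inline; an empty array means the scan
 * found none. This is a deny-list of the common XSS vectors, not a proof of
 * safety: an allow-list sanitiser (only known-good elements/attributes) is
 * the stronger option for a production plugin.
 */
function svg_script_findings(string $svg): array
{
    $findings = [];
    $prev = libxml_use_internal_errors(true);
    $doc  = new DOMDocument();
    // LIBXML_NONET: never fetch external DTDs/entities while parsing untrusted XML.
    $ok = $doc->loadXML($svg, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    if (!$ok || $doc->documentElement === null) {
        return ['not well-formed XML'];
    }
    if ($doc->doctype !== null) {
        $findings[] = 'DOCTYPE present (entity expansion tricks)';
    }
    if (strtolower($doc->documentElement->localName) !== 'svg') {
        $findings[] = 'root element is <' . $doc->documentElement->localName . '>, not <svg>';
    }

    // Elements that execute script or embed arbitrary HTML (<foreignObject>).
    $badElements = ['script', 'foreignobject', 'iframe', 'object', 'embed', 'handler', 'annotation-xml'];
    foreach ($doc->getElementsByTagName('*') as $el) {
        $name = strtolower($el->localName);
        if (in_array($name, $badElements, true)) {
            $findings[] = "element <$name>";
        }
        foreach ($el->attributes as $attr) {
            $aname = strtolower($attr->localName);   // xlink:href and href both yield "href"
            // The XML parser has already decoded &#106;avascript: and friends;
            // whitespace and control characters are stripped so "java\tscript:" is caught too.
            $value = strtolower(preg_replace('/[\s\x00-\x1f]+/', '', $attr->value) ?? '');
            if (str_starts_with($aname, 'on')) {
                $findings[] = "event handler $aname on <$name>";
            } elseif (preg_match('#^(javascript|vbscript):#', $value)) {
                $findings[] = "$aname on <$name> uses a script URL";
            } elseif (str_starts_with($value, 'data:')
                      && !preg_match('#^data:image/(png|jpeg|gif|webp)[;,]#', $value)) {
                $findings[] = "$aname on <$name> embeds a data: URL that is not a raster image";
            } elseif ($name === 'use' && $aname === 'href' && !str_starts_with($value, '#')) {
                $findings[] = '<use> references content outside this document';
            }
        }
    }
    return $findings;
}

// Wiring inside a WordPress plugin: setting $file['error'] in this filter
// makes WordPress abort the upload and show the message to the user.
if (function_exists('add_filter')) {
    add_filter('wp_handle_upload_prefilter', static function (array $file): array {
        if (strtolower(pathinfo($file['name'], PATHINFO_EXTENSION)) !== 'svg') {
            return $file;
        }
        $findings = svg_script_findings((string) file_get_contents($file['tmp_name']));
        if ($findings !== []) {
            $file['error'] = 'SVG rejected: ' . implode('; ', $findings);
        }
        return $file;
    });
}

if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    // Constructed samples.
    $benign = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
            . '<circle cx="5" cy="5" r="4" fill="#09f"/></svg>';
    $evil   = '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
            . '<a xlink:href="java&#115;cript:alert(document.cookie)"><text y="10">hi</text></a>'
            . '<rect width="10" height="10" onload="alert(1)"/>'
            . '<script>alert(1)</script></svg>';
    var_dump(svg_script_findings($benign));   // array(0) {}
    print_r(svg_script_findings($evil));      // script URL on <a>, onload on <rect>, element <script>
}
```

Content scanning is the second line of defence, not the first. The CVSS scores above are only 4.8 and 5.4 because an inline SVG executes in the origin it is served from; a site that serves `wp-content/uploads` with `Content-Disposition: attachment` or a `Content-Security-Policy: sandbox` header for SVG, or that simply does not grant the SVG MIME type to Author-level roles, removes the script-execution path even for a file this scan misses.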
Threat Entry Updated 2025-04-08

CVE-2024-13881 (WordPress plugin)

The Link My Posts WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Severity: HIGH (CVSS 7.1) | 2025-03-20
Threat Entry Updated 2025-04-08

CVE-2024-13880 (WordPress plugin)

The My Quota WordPress plugin through 1.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Severity: HIGH (CVSS 7.1) | 2025-03-20
Threat Entry Updated 2025-04-09

CVE-2024-13877 (WordPress plugin)

The Passbeemedia Web Push Notification WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Severity: HIGH (CVSS 7.1) | 2025-03-20
Threat Entry Updated 2025-04-10

CVE-2024-13875 (WordPress plugin)

The WP-PManager WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Severity: HIGH (CVSS 7.1) | 2025-03-20
Threat Entry Updated 2025-10-06

CVE-2025-1436 (WordPress plugin)

The Limit Bio WordPress plugin through 1.0 does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

Severity: HIGH (CVSS 7.1) | 2025-03-13
Threat Entry Updated 2025-04-29

CVE-2024-13891 (WordPress plugin)

The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Severity: HIGH (CVSS 7.1) | 2025-03-13
Threat Entry Updated 2025-04-29

CVE-2024-13884 (WordPress plugin)

The Limit Bio WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Severity: HIGH (CVSS 7.1) | 2025-03-13
Threat Entry Updated 2025-05-06

CVE-2024-13864 (WordPress plugin)

The Countdown Timer WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Severity: HIGH (CVSS 7.1) | 2025-03-11
Threat Entry Updated 2025-05-21

CVE-2025-0629 (WordPress plugin)

The Coronavirus (COVID-19) Notice Message WordPress plugin through 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Severity: MEDIUM (CVSS 4.8) | 2025-03-11
Threat Entry Updated 2025-08-29

CVE-2024-13574 (WordPress plugin)

The XV Random Quotes WordPress plugin through 1.40 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Severity: HIGH (CVSS 7.1) | 2025-03-11
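The eight "does not sanitise and escape a parameter before outputting it back in the page" entries (CVE-2024-13881, -13880, -13877, -13875, -13891, -13884, -13864 and -13574 above) and the shortcode-attribute entry CVE-2025-2279 are the same defect at two entry points: untrusted text reaches HTML without being validated for what it is or escaped for where it lands. The following is an added example, not code from any of those plugins; it is plugin code that runs inside WordPress (it uses the WordPress API), and the shortcode name, its attributes, the settings-page slug and the `tab`/`s` parameters are this example's own.

```php
<?php
declare(strict_types=1);
// Added example (not the listed plugins' code); runs as part of a WordPress plugin.

// ---- 1. Shortcode attributes: Contributor-controlled, stored in post content ----
// Vulnerable shape: attributes are dropped into markup unchanged. Contributors
// lack unfiltered_html, but WordPress does not filter shortcode attributes
// for the plugin; that is the plugin's job.
function demo_map_shortcode_vulnerable($atts): string
{
    $atts = (array) $atts;
    return '<div class="demo-map" data-lat="' . ($atts['lat'] ?? '') . '">'
         . '<a href="' . ($atts['link'] ?? '') . '">' . ($atts['title'] ?? '') . '</a></div>';
}

// Fixed: allow-list the attribute names, coerce to the narrowest type that
// fits, then escape each value for the exact context it lands in.
function demo_map_shortcode_fixed($atts): string
{
    $a = shortcode_atts(
        ['lat' => '0', 'lng' => '0', 'zoom' => '10', 'link' => '', 'title' => ''],
        (array) $atts,
        'demo_map'
    );
    $lat   = (float) $a['lat'];                  // numeric: cast, nothing left to escape
    $lng   = (float) $a['lng'];
    $zoom  = max(1, min(20, absint($a['zoom'])));
    $link  = esc_url($a['link']);                // javascript: and other non-allow-listed schemes come back as ''
    $title = esc_html($a['title']);              // text-node context

    $label = $link !== '' ? '<a href="' . $link . '">' . $title . '</a>' : $title;
    return sprintf(
        '<div class="demo-map" data-lat="%s" data-lng="%s" data-zoom="%d">%s</div>',
        esc_attr((string) $lat), esc_attr((string) $lng), $zoom, $label
    );
}
add_shortcode('demo_map', 'demo_map_shortcode_fixed');

// ---- 2. A request parameter reflected on an admin page ----
// Vulnerable shape: the value lands in an attribute and a text node as-is.
// It runs in the admin's session the moment the admin follows a crafted
// link, which is why these entries score 7.1 despite needing user interaction.
function demo_settings_page_vulnerable(): void
{
    $tab = $_GET['tab'] ?? 'general';
    echo '<h2>Settings: ' . $tab . '</h2>';
    echo '<input type="hidden" name="tab" value="' . $tab . '">';
}

// Fixed: unslash, validate against the values the page actually understands,
// and escape per context. A free-text value that must round-trip (a search
// string) cannot be allow-listed, so it is sanitised on input and escaped on output.
function demo_settings_page_fixed(): void
{
    $tabs = ['general', 'display', 'advanced'];
    // PHP turns ?tab[]=x into an array; refuse anything that is not a string.
    $raw  = $_GET['tab'] ?? '';
    $tab  = is_string($raw) ? sanitize_key(wp_unslash($raw)) : '';
    if (!in_array($tab, $tabs, true)) {
        $tab = 'general';
    }
    $raw = $_GET['s'] ?? '';
    $q   = is_string($raw) ? sanitize_text_field(wp_unslash($raw)) : '';

    echo '<h2>' . esc_html__('Settings', 'demo') . ': ' . esc_html($tab) . '</h2>';
    echo '<form method="get">';
    echo '<input type="hidden" name="page" value="demo">';
    echo '<input type="hidden" name="tab" value="' . esc_attr($tab) . '">';
    echo '<input type="search" name="s" value="' . esc_attr($q) . '">';
    echo '</form>';
    if ($q !== '') {
        /* translators: %s: search string */
        echo '<p>' . sprintf(esc_html__('Results for "%s"', 'demo'), esc_html($q)) . '</p>';
    }
}
add_action('admin_menu', static function (): void {
    add_options_page('Demo', 'Demo', 'manage_options', 'demo', 'demo_settings_page_fixed');
});
```

A shortcode such as `[demo_map lat="51.5" link="javascript:alert(1)" title="<img src=x onerror=alert(1)>"]` renders, through the fixed callback, as a plain `51.5` with the title shown as literal text and no link at all, because `esc_url()` returns an empty string for a scheme it does not allow. The escape function is chosen by destination, not by source: `esc_attr()` inside a quoted attribute, `esc_html()` in a text node, `esc_url()` in `href`/`src`, and `wp_json_encode()` if a value ever has to reach inline JavaScript.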
Threat Entry Updated 2025-08-29

CVE-2024-13580 (WordPress plugin)

The XV Random Quotes WordPress plugin through 1.40 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin reset them via a CSRF attack.

Severity: MEDIUM (CVSS 4.3) | 2025-03-11
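CVE-2024-13580 above, together with the other settings-handler entries in this list (CVE-2023-7196, CVE-2023-7195 and CVE-2023-6783, CVE-2024-8243, CVE-2025-1436 and CVE-2025-0629), describes one handler with up to three missing pieces: no nonce on the state change (the CSRF entries, including the "reset" variant), no sanitisation of the stored value, and no escaping when it is displayed (the Stored XSS entries, which bite even when the admin lacks `unfiltered_html`, because WordPress's kses filtering applies to post content, not to a plugin's own options). The following is an added example, not code from any of those plugins; it is plugin code that runs inside WordPress, and the option name, form fields and nonce action are this example's own.

```php
<?php
declare(strict_types=1);
// Added example (not the listed plugins' code); runs as part of a WordPress plugin.

// ---- Vulnerable shape -------------------------------------------------------
// Any POST with the field name changes the option: no proof the request came
// from the plugin's own form, no check of who sent it, nothing sanitised. A
// page the admin merely visits can auto-submit this form cross-site.
function demo_save_settings_vulnerable(): void
{
    if (isset($_POST['demo_footer_text'])) {
        update_option('demo_footer_text', $_POST['demo_footer_text']);
    }
    if (isset($_POST['demo_reset'])) {      // the "reset" variant is a state change too
        delete_option('demo_footer_text');
    }
}
function demo_render_footer_vulnerable(): void
{
    // Whatever was stored (possibly by CSRF) is now shown to every visitor.
    echo '<div class="demo-footer">' . get_option('demo_footer_text', '') . '</div>';
}

// ---- Fixed shape ------------------------------------------------------------
function demo_save_settings_fixed(): void
{
    if (!isset($_POST['demo_save']) && !isset($_POST['demo_reset'])) {
        return;
    }
    // 1. Who may do this. 2. Did they mean to: a nonce bound to this action,
    //    which a cross-site form cannot obtain. check_admin_referer() dies on
    //    failure, so code after it only runs for a genuine submission.
    if (!current_user_can('manage_options')) {
        wp_die(esc_html__('Insufficient permissions.', 'demo'), 403);
    }
    check_admin_referer('demo_save_settings', 'demo_nonce');

    if (isset($_POST['demo_reset'])) {
        delete_option('demo_footer_text');
        return;
    }
    // 3. Sanitise on input to the narrowest type the setting needs, for every
    //    user, unfiltered_html or not. wp_kses_post() keeps post-safe markup;
    //    use sanitize_text_field() if the setting is plain text.
    $raw  = $_POST['demo_footer_text'] ?? '';
    $text = is_string($raw) ? wp_kses_post(wp_unslash($raw)) : '';
    update_option('demo_footer_text', $text);
}
add_action('admin_init', 'demo_save_settings_fixed');

function demo_render_settings_form_fixed(): void
{
    echo '<form method="post">';
    wp_nonce_field('demo_save_settings', 'demo_nonce');   // emits the hidden nonce field
    echo '<textarea name="demo_footer_text">'
       . esc_textarea(get_option('demo_footer_text', '')) . '</textarea>';
    echo '<button type="submit" name="demo_save" value="1">Save</button> ';
    echo '<button type="submit" name="demo_reset" value="1">Reset</button>';
    echo '</form>';
}

function demo_render_footer_fixed(): void
{
    // 4. Escape on output as well; stored data is not trusted just because it
    //    was sanitised once (older rows, imports, direct DB edits).
    echo '<div class="demo-footer">' . wp_kses_post(get_option('demo_footer_text', '')) . '</div>';
}
```

For plugins that use the Settings API instead of a hand-rolled handler, `register_setting()` with a `sanitize_callback` covers step 3 and `options.php` performs the nonce and capability checks; the output escaping in step 4 remains the plugin's responsibility either way. A quick check for any of the entries above is to submit the settings form with the nonce field removed: a correct handler refuses it.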