Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 563
Critical: 20
High: 112
Medium: 421
Showing 101-120 of 563 records

Threat Entry Updated 2025-05-06

CVE-2024-13615 - Through 1 Plugin

The Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap WordPress plugin through 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Through 1

CVE-2024-13615

LOW CVSS 3.5 2025-03-11

Threat Entry Updated 2025-05-06

CVE-2024-13825 - Through 1 Plugin

The Email Keep WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 1

CVE-2024-13825

MEDIUM CVSS 6.1 2025-03-08

Threat Entry Updated 2025-05-06

CVE-2024-13826 - Through 1 Plugin

The Email Keep WordPress plugin through 1.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN Through 1

CVE-2024-13826

MEDIUM CVSS 5.4 2025-03-08

Threat Entry Updated 2025-05-21

CVE-2024-13668 - Through 1 Plugin

The WordPress Activity O Meter WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins.

PLUGIN Through 1

CVE-2024-13668

HIGH CVSS 7.1 2025-03-07

Threat Entry Updated 2025-05-20

CVE-2024-13633 - Through 1 Plugin

The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 1

CVE-2024-13633

HIGH CVSS 7.1 2025-02-26

Threat Entry Updated 2025-05-20

CVE-2024-13632 - Through 1 Plugin

The WP Extra Fields WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 1

CVE-2024-13632

HIGH CVSS 7.1 2025-02-26

Threat Entry Updated 2025-05-20

CVE-2024-13678 - Through 1 Plugin

The R3W InstaFeed WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 1

CVE-2024-13678

MEDIUM CVSS 6.1 2025-02-26

Threat Entry Updated 2026-01-09

CVE-2024-13669 - Through 1 Plugin

The CalendApp WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 1

CVE-2024-13669

MEDIUM CVSS 6.1 2025-02-26

Threat Entry Updated 2025-05-20

CVE-2024-13634 - Through 1 Plugin

The Post Sync WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 1

CVE-2024-13634

MEDIUM CVSS 6.1 2025-02-26

Threat Entry Updated 2025-05-20

CVE-2024-13630 - Through 1 Plugin

The NewsTicker WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 1

CVE-2024-13630

MEDIUM CVSS 6.1 2025-02-26

Threat Entry Updated 2025-05-20

CVE-2024-13629 - Through 1 Plugin

The pushBIZ WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 1

CVE-2024-13629

MEDIUM CVSS 6.1 2025-02-26

Threat Entry Updated 2025-05-15

CVE-2024-13628 - Through 1 Plugin

The WP Pricing Table WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 1

CVE-2024-13628

MEDIUM CVSS 6.1 2025-02-26

Threat Entry Updated 2025-05-21

CVE-2024-13726 - Through 1 Plugin

The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

PLUGIN Through 1

CVE-2024-13726

HIGH CVSS 8.6 2025-02-17

Threat Entry Updated 2025-05-14

CVE-2024-13625 - Through 1 Plugin

The Tube Video Ads Lite WordPress plugin through 1.5.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 1

CVE-2024-13625

HIGH CVSS 7.1 2025-02-17

Threat Entry Updated 2025-05-14

CVE-2024-13603 - Through 1 Plugin

The Wise Forms WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks via malicious form submissions.

PLUGIN Through 1

CVE-2024-13603

MEDIUM CVSS 6.1 2025-02-17

Threat Entry Updated 2025-05-14

CVE-2024-13608 - Through 1 Plugin

The Track Logins WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.

PLUGIN Through 1

CVE-2024-13608

MEDIUM CVSS 4.7 2025-02-17

Threat Entry Updated 2025-05-26

CVE-2025-0692 - Through 1 Plugin

The Simple Video Management System WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Through 1

CVE-2025-0692

LOW CVSS 3.5 2025-02-13

Threat Entry Updated 2025-02-20

CVE-2024-13570 - Through 1 Plugin

The Stray Random Quotes WordPress plugin through 1.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 1

CVE-2024-13570

MEDIUM CVSS 6.1 2025-02-11

Threat Entry Updated 2026-01-09

CVE-2024-13352 - Through 1 Plugin

The Legull WordPress plugin through 1.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 1

CVE-2024-13352

HIGH CVSS 7.1 2025-02-07

Threat Entry Updated 2025-05-26

CVE-2024-13332 - Through 1 Plugin

The TransFinanz WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 1

CVE-2024-13332

MEDIUM CVSS 6.1 2025-02-04