Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-05-13
CVE-2024-13331 - Through 1 Plugin
The WP Dream Carousel WordPress plugin through 1.0.1b does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Through 1
CVE-2024-13331
Risk Score
Threat Entry
Updated 2025-04-18
CVE-2024-13347 - Through 1 Plugin
The Essential WP Real Estate WordPress plugin through 1.1.3 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.
PLUGIN
Through 1
CVE-2024-13347
Risk Score
Threat Entry
Updated 2025-05-07
CVE-2024-13099 - Through 1 Plugin
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 1
CVE-2024-13099
Risk Score
Threat Entry
Updated 2025-05-07
CVE-2024-13098 - Through 1 Plugin
The WordPress Email Newsletter WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 1
CVE-2024-13098
Risk Score
Threat Entry
Updated 2025-05-12
CVE-2024-13097 - Through 1 Plugin
The WP Finance WordPress plugin through 1.3.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 1
CVE-2024-13097
Risk Score
Threat Entry
Updated 2025-05-12
CVE-2024-12768 - Through 1 Plugin
The Responsive iframe WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
PLUGIN
Through 1
CVE-2024-12768
Risk Score
Threat Entry
Updated 2025-05-12
CVE-2024-13096 - Through 1 Plugin
The WP Finance WordPress plugin through 1.3.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
PLUGIN
Through 1
CVE-2024-13096
Risk Score
Threat Entry
Updated 2025-05-13
CVE-2024-13225 - Through 1 Plugin
The ECT Home Page Products WordPress plugin through 1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 1
CVE-2024-13225
Risk Score
Threat Entry
Updated 2025-05-12
CVE-2024-13224 - Through 1 Plugin
The SlideDeck 1 Lite Content Slider WordPress plugin through 1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 1
CVE-2024-13224
Risk Score
Threat Entry
Updated 2025-05-13
CVE-2024-13222 - Through 1 Plugin
The User Messages WordPress plugin through 1.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 1
CVE-2024-13222
Risk Score
Threat Entry
Updated 2025-05-12
CVE-2024-13220 - Through 1 Plugin
The WordPress Google Map Professional (Map In Your Language) WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 1
CVE-2024-13220
Risk Score
Threat Entry
Updated 2025-05-13
CVE-2024-12275 - Through 1 Plugin
The Canvasflow for WordPress plugin through 1.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 1
CVE-2024-12275
Risk Score
Threat Entry
Updated 2025-05-23
CVE-2024-12872 - Through 1 Plugin
The Zalomení WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Through 1
CVE-2024-12872
Risk Score
Threat Entry
Updated 2025-05-07
CVE-2024-13057 - Through 1 Plugin
The Dyn Business Panel WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
PLUGIN
Through 1
CVE-2024-13057
Risk Score
Threat Entry
Updated 2025-05-07
CVE-2024-13056 - Through 1 Plugin
The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 1
CVE-2024-13056
Risk Score
Threat Entry
Updated 2025-05-07
CVE-2024-13055 - Through 1 Plugin
The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 1
CVE-2024-13055
Risk Score
Threat Entry
Updated 2025-05-13
CVE-2024-13052 - Through 1 Plugin
The Dental Optimizer Patient Generator App WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 1
CVE-2024-13052
Risk Score
Threat Entry
Updated 2025-05-17
CVE-2024-12587 - Through 1 Plugin
The Contact Form Master WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 1
CVE-2024-12587
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-12595 - Through 1 Plugin
The AHAthat Plugin WordPress plugin through 1.6 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
PLUGIN
Through 1
CVE-2024-12595
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-11645 - Through 1 Plugin
The float block WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Through 1
CVE-2024-11645
Risk Score