Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-06-12
CVE-2024-11605 - Through 1 Plugin
The wp-publications WordPress plugin through 1.2 does not escape filenames before outputting them back in the page, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Through 1
CVE-2024-11605
Risk Score
Threat Entry
Updated 2025-05-14
CVE-2024-11607 - Through 1 Plugin
The GTPayment Donations WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
PLUGIN
Through 1
CVE-2024-11607
Risk Score
Threat Entry
Updated 2025-05-17
CVE-2024-11841 - Through 1 Plugin
The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
PLUGIN
Through 1
CVE-2024-11841
Risk Score
Threat Entry
Updated 2025-05-07
CVE-2024-10551 - Through 1 Plugin
The Sticky Social Icons WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Through 1
CVE-2024-10551
Risk Score
Threat Entry
Updated 2025-06-09
CVE-2024-10510 - Through 1 Plugin
The adBuddy+ (AdBlocker Detection) by NetfunkDesign WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Through 1
CVE-2024-10510
Risk Score
Threat Entry
Updated 2026-01-09
CVE-2024-10710 - Through 1 Plugin
The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Through 1
CVE-2024-10710
Risk Score
Threat Entry
Updated 2026-01-09
CVE-2024-10709 - Through 1 Plugin
The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
PLUGIN
Through 1
CVE-2024-10709
Risk Score
Threat Entry
Updated 2025-05-15
CVE-2024-8157 - Through 1 Plugin
The Alphabetical List WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Through 1
CVE-2024-8157
Risk Score
Threat Entry
Updated 2025-05-17
CVE-2024-9934 - Through 1 Plugin
The Wp-ImageZoom WordPress plugin through 1.1.0 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Through 1
CVE-2024-9934
Risk Score
Threat Entry
Updated 2024-12-20
CVE-2024-9689 - Through 1 Plugin
The Post From Frontend WordPress plugin through 1.0.0 does not have CSRF check when deleting posts, which could allow attackers to make logged in admin perform such action via a CSRF attack
PLUGIN
Through 1
CVE-2024-9689
Risk Score
Threat Entry
Updated 2024-10-07
CVE-2024-7892 - Through 1 Plugin
The adstxt Plugin WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Through 1
CVE-2024-7892
Risk Score
Threat Entry
Updated 2026-01-23
CVE-2024-8047 - Through 1 Plugin
The Visual Sound (old) WordPress plugin through 1.06 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Through 1
CVE-2024-8047
Risk Score
Threat Entry
Updated 2024-09-30
CVE-2024-8044 - Through 1 Plugin
The infolinks Ad Wrap WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Through 1
CVE-2024-8044
Risk Score
Threat Entry
Updated 2024-09-27
CVE-2024-8052 - Through 1 Plugin
The Review Ratings WordPress plugin through 1.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
PLUGIN
Through 1
CVE-2024-8052
Risk Score
Threat Entry
Updated 2024-09-27
CVE-2024-8051 - Through 1 Plugin
The Special Feed Items WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
PLUGIN
Through 1
CVE-2024-8051
Risk Score
Threat Entry
Updated 2024-09-26
CVE-2024-7766 - Through 1 Plugin
The Adicon Server WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
PLUGIN
Through 1
CVE-2024-7766
Risk Score
Threat Entry
Updated 2026-01-23
CVE-2024-7859 - Through 1 Plugin
The Visual Sound WordPress plugin through 1.03 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Through 1
CVE-2024-7859
Risk Score
Threat Entry
Updated 2024-09-27
CVE-2024-7820 - Through 1 Plugin
The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Through 1
CVE-2024-7820
Risk Score
Threat Entry
Updated 2024-09-27
CVE-2024-7817 - Through 1 Plugin
The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack
PLUGIN
Through 1
CVE-2024-7817
Risk Score
Threat Entry
Updated 2024-09-27
CVE-2024-7861 - Through 1 Plugin
The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
PLUGIN
Through 1
CVE-2024-7861
Risk Score