Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2024-09-27
CVE-2024-7860 - Through 1 Plugin
The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
PLUGIN
Through 1
CVE-2024-7860
Risk Score
Threat Entry
Updated 2024-09-27
CVE-2024-7822 - Through 1 Plugin
The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
PLUGIN
Through 1
CVE-2024-7822
Risk Score
Threat Entry
Updated 2024-09-27
CVE-2024-7818 - Through 1 Plugin
The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
PLUGIN
Through 1
CVE-2024-7818
Risk Score
Threat Entry
Updated 2024-09-26
CVE-2024-7816 - Through 1 Plugin
The Gixaw Chat WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
PLUGIN
Through 1
CVE-2024-7816
Risk Score
Threat Entry
Updated 2024-09-13
CVE-2024-6019 - Through 1 Plugin
The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators
PLUGIN
Through 1
CVE-2024-6019
Risk Score
Threat Entry
Updated 2024-09-13
CVE-2024-6018 - Through 1 Plugin
The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
PLUGIN
Through 1
CVE-2024-6018
Risk Score
Threat Entry
Updated 2024-09-13
CVE-2024-6017 - Through 1 Plugin
The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
PLUGIN
Through 1
CVE-2024-6017
Risk Score
Threat Entry
Updated 2024-10-07
CVE-2024-6722 - Through 1 Plugin
The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Through 1
CVE-2024-6722
Risk Score
Threat Entry
Updated 2024-10-04
CVE-2024-7692 - Through 1 Plugin
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 1
CVE-2024-7692
Risk Score
Threat Entry
Updated 2024-10-04
CVE-2024-7691 - Through 1 Plugin
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators.
PLUGIN
Through 1
CVE-2024-7691
Risk Score
Threat Entry
Updated 2024-10-07
CVE-2024-7690 - Through 1 Plugin
The DN Popup WordPress plugin through 1.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Through 1
CVE-2024-7690
Risk Score
Threat Entry
Updated 2025-05-17
CVE-2024-3282 - Through 1 Plugin
The WP Table Builder WordPress plugin through 1.5.0 does not sanitise and escape some of its Table data, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Through 1
CVE-2024-3282
Risk Score
Threat Entry
Updated 2025-05-28
CVE-2024-3973 - Through 1 Plugin
The House Manager WordPress plugin through 1.0.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Through 1
CVE-2024-3973
Risk Score
Threat Entry
Updated 2024-10-28
CVE-2024-6720 - Through 1 Plugin
The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
PLUGIN
Through 1
CVE-2024-6720
Risk Score
Threat Entry
Updated 2025-06-09
CVE-2024-6496 - Through 1 Plugin
The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks when deleting polls, which could allow attackers to make logged in users perform such action via a CSRF attack
PLUGIN
Through 1
CVE-2024-6496
Risk Score
Threat Entry
Updated 2025-06-10
CVE-2024-6272 - Through 1 Plugin
The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Through 1
CVE-2024-6272
Risk Score
Threat Entry
Updated 2025-05-28
CVE-2024-5975 - Through 1 Plugin
The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
PLUGIN
Through 1
CVE-2024-5975
Risk Score
Threat Entry
Updated 2025-05-29
CVE-2024-6223 - Through 1 Plugin
The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Through 1
CVE-2024-6223
Risk Score
Threat Entry
Updated 2025-05-29
CVE-2024-6224 - Through 1 Plugin
The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
PLUGIN
Through 1
CVE-2024-6224
Risk Score
Threat Entry
Updated 2025-05-28
CVE-2024-5807 - Through 1 Plugin
The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations.
PLUGIN
Through 1
CVE-2024-5807
Risk Score