"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 179
Critical: 16
High: 33
Medium: 129
Showing 21-40 of 179 records
Threat Entry Updated 2025-06-12

CVE-2023-7086 - Through 2 Plugin

The SVG Uploads Support WordPress plugin through 2.1.1 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

PLUGIN Through 2

CVE-2023-7086

MEDIUM CVSS 5.4 2025-05-15
Threat Entry Updated 2025-04-09

CVE-2025-1487 - Through 2 Plugin

The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 2

CVE-2025-1487

HIGH CVSS 7.1 2025-03-13
Threat Entry Updated 2025-04-09

CVE-2025-1486 - Through 2 Plugin

The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 2

CVE-2025-1486

HIGH CVSS 7.1 2025-03-13
Threat Entry Updated 2025-04-29

CVE-2025-1401 - Through 2 Plugin

The WP Click Info WordPress plugin through 2.7.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 2

CVE-2025-1401

HIGH CVSS 7.1 2025-03-13
Threat Entry Updated 2025-05-06

CVE-2024-13836 - Through 2 Plugin

The WP Login Control WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 2

CVE-2024-13836

HIGH CVSS 7.1 2025-03-11
Threat Entry Updated 2026-01-09

CVE-2025-1382 - Through 2 Plugin

The Contact Us By Lord Linus WordPress plugin through 2.6 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Through 2

CVE-2025-1382

MEDIUM CVSS 6.1 2025-03-09
Threat Entry Updated 2025-05-15

CVE-2024-13624 - Through 2 Plugin

The WPMovieLibrary WordPress plugin through 2.1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 2

CVE-2024-13624

HIGH CVSS 7.1 2025-02-26
Threat Entry Updated 2025-05-07

CVE-2024-13822 - Through 2 Plugin

The Photo Contest | Competition | Video Contest WordPress plugin through 2.8.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 2

CVE-2024-13822

MEDIUM CVSS 6.1 2025-02-24
Threat Entry Updated 2025-05-23

CVE-2024-13627 - Through 2 Plugin

The OWL Carousel Slider WordPress plugin through 2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 2

CVE-2024-13627

MEDIUM CVSS 4.7 2025-02-17
Threat Entry Updated 2025-05-23

CVE-2024-12586 - Through 2 Plugin

The Chalet-Montagne.com Tools WordPress plugin through 2.7.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 2

CVE-2024-12586

MEDIUM CVSS 6.1 2025-02-13
Threat Entry Updated 2025-02-20

CVE-2024-13543 - Through 2 Plugin

The Zarinpal Paid Download WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 2

CVE-2024-13543

MEDIUM CVSS 6.1 2025-02-11
Threat Entry Updated 2025-02-20

CVE-2024-13544 - Through 2 Plugin

The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in a multisite setup).

PLUGIN Through 2

CVE-2024-13544

MEDIUM CVSS 4.8 2025-02-11
Threat Entry Updated 2025-05-13

CVE-2024-13328 - Through 2 Plugin

The Giga Messenger WordPress plugin through 2.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 2

CVE-2024-13328

MEDIUM CVSS 6.1 2025-02-04
Threat Entry Updated 2025-05-07

CVE-2024-13327 - Through 2 Plugin

The Musicbox WordPress plugin through 2.0.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 2

CVE-2024-13327

MEDIUM CVSS 6.1 2025-02-04
Threat Entry Updated 2025-07-25

CVE-2024-13325 - Through 2 Plugin

The Glossy WordPress plugin through 2.3.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 2

CVE-2024-13325

MEDIUM CVSS 6.1 2025-02-04
Threat Entry Updated 2025-05-13

CVE-2024-13226 - Through 2 Plugin

The A5 Custom Login Page WordPress plugin through 2.8.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 2

CVE-2024-13226

MEDIUM CVSS 6.1 2025-01-31
Threat Entry Updated 2025-05-12

CVE-2024-13223 - Through 2 Plugin

The Tabulate WordPress plugin through 2.10.3 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 2

CVE-2024-13223

MEDIUM CVSS 6.1 2025-01-31
Threat Entry Updated 2026-01-09

CVE-2024-13219 - Through 2 Plugin

The Privacy Policy Genius WordPress plugin through 2.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 2

CVE-2024-13219

MEDIUM CVSS 6.1 2025-01-31
Threat Entry Updated 2025-05-12

CVE-2024-13218 - Through 2 Plugin

The Fast Tube WordPress plugin through 2.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 2

CVE-2024-13218

MEDIUM CVSS 6.1 2025-01-31
Threat Entry Updated 2025-05-23

CVE-2024-13100 - Through 2 Plugin

The OPSI Israel Domestic Shipments WordPress plugin through 2.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 2

CVE-2024-13100

MEDIUM CVSS 6.1 2025-01-31