Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-05-11
CVE-2024-12708 - Through 2 Plugin
The Bulk Me Now! WordPress plugin through 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
PLUGIN
Through 2
CVE-2024-12708
Risk Score
Threat Entry
Updated 2025-05-11
CVE-2024-12638 - Through 2 Plugin
The Bulk Me Now! WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 2
CVE-2024-12638
Risk Score
Threat Entry
Updated 2025-05-11
CVE-2024-12709 - Through 2 Plugin
The Bulk Me Now! WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.
PLUGIN
Through 2
CVE-2024-12709
Risk Score
Threat Entry
Updated 2025-05-11
CVE-2024-12749 - Through 2 Plugin
The Competition Form WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 2
CVE-2024-12749
Risk Score
Threat Entry
Updated 2025-05-24
CVE-2024-12723 - Through 2 Plugin
The Infility Global WordPress plugin through 2.9.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 2
CVE-2024-12723
Risk Score
Threat Entry
Updated 2025-05-11
CVE-2024-12807 - Through 2 Plugin
The Social Share Buttons for WordPress plugin through 2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Through 2
CVE-2024-12807
Risk Score
Threat Entry
Updated 2025-05-07
CVE-2024-13094 - Through 2 Plugin
The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 2
CVE-2024-13094
Risk Score
Threat Entry
Updated 2025-05-13
CVE-2024-13117 - Through 2 Plugin
The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded
PLUGIN
Through 2
CVE-2024-13117
Risk Score
Threat Entry
Updated 2025-05-05
CVE-2024-13095 - Through 2 Plugin
The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
PLUGIN
Through 2
CVE-2024-13095
Risk Score
Threat Entry
Updated 2025-05-07
CVE-2024-12773 - Through 2 Plugin
The Altra Side Menu WordPress plugin through 2.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
PLUGIN
Through 2
CVE-2024-12773
Risk Score
Threat Entry
Updated 2025-05-13
CVE-2024-12321 - Through 2 Plugin
The WC Affiliate WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 2
CVE-2024-12321
Risk Score
Threat Entry
Updated 2026-01-09
CVE-2024-12774 - Through 2 Plugin
The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack
PLUGIN
Through 2
CVE-2024-12774
Risk Score
Threat Entry
Updated 2025-04-21
CVE-2024-12731 - Through 2 Plugin
The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 2
CVE-2024-12731
Risk Score
Threat Entry
Updated 2025-04-21
CVE-2024-12717 - Through 2 Plugin
The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Through 2
CVE-2024-12717
Risk Score
Threat Entry
Updated 2025-05-14
CVE-2024-10815 - Through 2 Plugin
The PostLists WordPress plugin through 2.0.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
PLUGIN
Through 2
CVE-2024-10815
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-11606 - Through 2 Plugin
The Tabs Shortcode WordPress plugin through 2.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
PLUGIN
Through 2
CVE-2024-11606
Risk Score
Threat Entry
Updated 2024-10-15
CVE-2024-9156 - Through 2 Plugin
The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
PLUGIN
Through 2
CVE-2024-9156
Risk Score
Threat Entry
Updated 2025-03-14
CVE-2024-6517 - Through 2 Plugin
The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users.
PLUGIN
Through 2
CVE-2024-6517
Risk Score
Threat Entry
Updated 2024-10-07
CVE-2024-7689 - Through 2 Plugin
The Snapshot Backup WordPress plugin through 2.1.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
PLUGIN
Through 2
CVE-2024-7689
Risk Score
Threat Entry
Updated 2024-10-07
CVE-2024-6928 - Through 2 Plugin
The Opti Marketing WordPress plugin through 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
PLUGIN
Through 2
CVE-2024-6928
Risk Score