"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 179
Critical: 16
High: 33
Medium: 129
Showing 81-100 of 179 records
Threat Entry Updated 2026-01-09

CVE-2024-3406 - Through 2 Plugin

The WP Prayer WordPress plugin through 2.0.9 does not have a CSRF check in place when updating its email settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN Through 2

CVE-2024-3406

HIGH CVSS 8.8 2024-05-15
Threat Entry Updated 2025-05-15

CVE-2024-3407 - Through 2 Plugin

The WP Prayer WordPress plugin through 2.0.9 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks.

PLUGIN Through 2

CVE-2024-3407

MEDIUM CVSS 5.3 2024-05-15
Threat Entry Updated 2025-05-15

CVE-2024-3405 - Through 2 Plugin

The WP Prayer WordPress plugin through 2.0.9 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN Through 2

CVE-2024-3405

HIGH CVSS 7.6 2024-05-15
Threat Entry Updated 2025-05-14

CVE-2024-3582 - Through 2 Plugin

The UnGallery WordPress plugin through 2.2.4 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Through 2

CVE-2024-3582

MEDIUM CVSS 4.8 2024-05-14
Threat Entry Updated 2025-05-08

CVE-2024-1755 - Through 2 Plugin

The NPS computy WordPress plugin through 2.7.5 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks.

PLUGIN Through 2

CVE-2024-1755

HIGH CVSS 8.8 2024-04-15
Threat Entry Updated 2025-05-08

CVE-2024-1754 - Through 2 Plugin

The NPS computy WordPress plugin through 2.7.5 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

PLUGIN Through 2

CVE-2024-1754

MEDIUM CVSS 4.7 2024-04-15
Threat Entry Updated 2025-05-19

CVE-2023-6385 - Through 2 Plugin

The WordPress Ping Optimizer WordPress plugin through 2.35.1.3.0 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions, such as clearing logs, via CSRF attacks.

PLUGIN Through 2

CVE-2023-6385

MEDIUM CVSS 4.3 2024-04-10
Threat Entry Updated 2025-04-01

CVE-2024-0672 - Through 2 Plugin

The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin.

PLUGIN Through 2

CVE-2024-0672

HIGH CVSS 7.1 2024-03-28
Threat Entry Updated 2025-04-01

CVE-2024-0673 - Through 2 Plugin

The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

PLUGIN Through 2

CVE-2024-0673

MEDIUM CVSS 6.1 2024-03-28
Threat Entry Updated 2025-04-01

CVE-2024-0677 - Through 2 Plugin

The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high-privilege users such as contributors to perform SSRF attacks.

PLUGIN Through 2

CVE-2024-0677

MEDIUM CVSS 5.1 2024-03-28
Threat Entry Updated 2025-03-14

CVE-2023-7233 - Through 2 Plugin

The GigPress WordPress plugin through 2.3.29 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

PLUGIN Through 2

CVE-2023-7233

MEDIUM CVSS 4.8 2024-02-12
Threat Entry Updated 2025-06-20

CVE-2023-6389 - Through 2 Plugin

The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

PLUGIN Through 2

CVE-2023-6389

MEDIUM CVSS 6.1 2024-01-29
Threat Entry Updated 2024-11-21

CVE-2023-6503 - Through 2 Plugin

The WP Plugin Lister WordPress plugin through 2.1.0 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Through 2

CVE-2023-6503

MEDIUM CVSS 5.4 2024-01-29
Threat Entry Updated 2024-11-21

CVE-2023-6633 - Through 2 Plugin

The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged-in users perform unwanted actions, such as deleting administration notes, via CSRF attacks.

PLUGIN Through 2

CVE-2023-6633

MEDIUM CVSS 4.3 2024-01-29
Threat Entry Updated 2025-06-20

CVE-2023-7084 - Through 2 Plugin

The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated user, such as a subscriber, to perform Stored XSS attacks.

PLUGIN Through 2

CVE-2023-7084

MEDIUM CVSS 5.4 2024-01-16
Threat Entry Updated 2025-06-02

CVE-2023-7083 - Through 2 Plugin

The Voting Record WordPress plugin through 2.0 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Through 2

CVE-2023-7083

MEDIUM CVSS 5.4 2024-01-16
Threat Entry Updated 2025-06-20

CVE-2023-0824 - Through 2 Plugin

The User registration & user profile WordPress plugin through 2.0 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Through 2

CVE-2023-0824

MEDIUM CVSS 6.5 2024-01-16
Threat Entry Updated 2025-06-02

CVE-2023-0769 - Through 2 Plugin

The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins.

PLUGIN Through 2

CVE-2023-0769

MEDIUM CVSS 6.1 2024-01-16
Threat Entry Updated 2025-06-02

CVE-2021-4227 - Through 2 Plugin

The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section.

PLUGIN Through 2

CVE-2021-4227

MEDIUM CVSS 5.3 2024-01-16