Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 179
Critical: 16
High: 33
Medium: 129
Showing 101-120 of 179 records
Threat Entry Updated 2024-11-21

CVE-2023-4514 - Through 2 Plugin

The Mmm Simple File List WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 2

CVE-2023-4514

MEDIUM CVSS 5.4 2023-11-27
Threat Entry Updated 2024-11-21

CVE-2023-4297 - Through 2 Plugin

The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories.

PLUGIN Through 2

CVE-2023-4297

MEDIUM CVSS 4.3 2023-11-27
Threat Entry Updated 2024-11-21

CVE-2023-4970 - Through 2 Plugin

The PubyDoc WordPress plugin through 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

PLUGIN Through 2

CVE-2023-4970

MEDIUM CVSS 4.8 2023-11-20
Threat Entry Updated 2025-04-23

CVE-2023-4783 - Through 2 Plugin

The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 2

CVE-2023-4783

MEDIUM CVSS 5.4 2023-10-16
Threat Entry Updated 2024-11-21

CVE-2023-2813 - Through 2 Theme

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable…

THEME Through 2

CVE-2023-2813

MEDIUM CVSS 6.1 2023-09-04
Threat Entry Updated 2024-11-21

CVE-2023-1893 - Through 2 Plugin

The Login Configurator WordPress plugin through 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators.

PLUGIN Through 2

CVE-2023-1893

MEDIUM CVSS 6.1 2023-07-17
Threat Entry Updated 2024-11-21

CVE-2023-2529 - Through 2 Plugin

The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

PLUGIN Through 2

CVE-2023-2529

MEDIUM CVSS 5.4 2023-07-10
Threat Entry Updated 2024-11-21

CVE-2023-2068 - Through 2 Plugin

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users.

PLUGIN Through 2

CVE-2023-2068

CRITICAL CVSS 9.8 2023-06-27
Threat Entry Updated 2025-01-08

CVE-2023-0152 - Through 2 Plugin

The WP Multi Store Locator WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 2

CVE-2023-0152

MEDIUM CVSS 5.4 2023-06-05
Threat Entry Updated 2025-01-24

CVE-2023-2180 - Through 2 Plugin

The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow an unauthenticated attacker to read/download arbitrary files, as well as perform PHAR unserialization (assuming they can upload a file on the server).

PLUGIN Through 2

CVE-2023-2180

HIGH CVSS 7.5 2023-05-15
Threat Entry Updated 2025-01-24

CVE-2023-0763 - Through 2 Plugin

The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have a CSRF check when deleting Holidays, which could allow attackers to make logged-in admins delete arbitrary holidays via a CSRF attack.

PLUGIN Through 2

CVE-2023-0763

MEDIUM CVSS 4.3 2023-05-15
Threat Entry Updated 2025-01-24

CVE-2023-0762 - Through 2 Plugin

The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have a CSRF check when deleting designations, which could allow attackers to make logged-in admins delete arbitrary designations via a CSRF attack.

PLUGIN Through 2

CVE-2023-0762

MEDIUM CVSS 4.3 2023-05-15
Threat Entry Updated 2025-01-24

CVE-2023-0761 - Through 2 Plugin

The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have a CSRF check when deleting Staff members, which could allow attackers to make logged-in admins delete arbitrary Staff via a CSRF attack.

PLUGIN Through 2

CVE-2023-0761

MEDIUM CVSS 4.3 2023-05-15
Threat Entry Updated 2025-04-23

CVE-2023-0603 - Through 2 Plugin

The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Through 2

CVE-2023-0603

HIGH CVSS 8.8 2023-05-08
Threat Entry Updated 2025-05-05

CVE-2023-0536 - Through 2 Plugin

The Wp-D3 WordPress plugin through 2.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 2

CVE-2023-0536

MEDIUM CVSS 5.4 2023-05-08
Threat Entry Updated 2025-01-29

CVE-2023-0526 - Through 2 Plugin

The Post Shortcode WordPress plugin through 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 2

CVE-2023-0526

MEDIUM CVSS 5.4 2023-05-08
Threat Entry Updated 2025-02-04

CVE-2023-0280 - Through 2 Plugin

The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 2

CVE-2023-0280

MEDIUM CVSS 5.4 2023-05-08
Threat Entry Updated 2025-05-05

CVE-2023-0544 - Through 2 Plugin

The WP Login Box WordPress plugin through 2.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Through 2

CVE-2023-0544

MEDIUM CVSS 4.8 2023-05-08
Threat Entry Updated 2025-01-29

CVE-2023-0267 - Through 2 Plugin

The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 2

CVE-2023-0267

MEDIUM CVSS 5.4 2023-05-08