
Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Showing 121-140 of 179 records
Threat Entry Updated 2025-02-19

CVE-2023-0491 - Schedulicity Plugin (through 2.21)

The Schedulicity WordPress plugin through 2.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

MEDIUM CVSS 5.4 2023-03-27
Threat Entry Updated 2025-03-06

CVE-2023-0064 - eVision Responsive Column Layout Shortcodes Plugin (through 2.3)

The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

MEDIUM CVSS 5.4 2023-03-06
Threat Entry Updated 2025-03-18

CVE-2023-0381 - GigPress Plugin (through 2.3.28)

The GigPress WordPress plugin through 2.3.28 does not validate and escape some of its shortcode attributes before using them in SQL statements, which could allow any authenticated user, such as a subscriber, to perform SQL Injection attacks.

HIGH CVSS 8.8 2023-02-27
Threat Entry Updated 2025-03-10

CVE-2023-0043 - Custom Add User Plugin (through 2.0.2)

The Custom Add User WordPress plugin through 2.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high privilege users such as admins.

MEDIUM CVSS 6.1 2023-02-27
Threat Entry Updated 2025-03-25

CVE-2023-0148 - Gallery Factory Lite Plugin (through 2.0.0)

The Gallery Factory Lite WordPress plugin through 2.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

MEDIUM CVSS 5.4 2023-02-06
Threat Entry Updated 2024-11-21

CVE-2022-3021 - Slickr Flickr Plugin (through 2.8.1)

The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and escape its settings, allowing high privilege users such as admins to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

MEDIUM CVSS 4.8 2022-09-19
Threat Entry Updated 2026-02-10

CVE-2022-2709 - Float to Top Button Plugin (through 2.3.6)

The Float to Top Button WordPress plugin through 2.3.6 does not escape some of its settings, which could allow high privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

MEDIUM CVSS 4.8 2022-09-19
Threat Entry Updated 2024-11-21

CVE-2022-2555 - Yotpo Reviews for WooCommerce Plugin (through 2.0.4)

The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks a nonce check when updating its settings, which could allow an attacker to make a logged-in admin change them via a CSRF attack.

MEDIUM CVSS 6.5 2022-08-22
Threat Entry Updated 2024-11-21

CVE-2022-2379 - Easy Student Results Plugin (through 2.2.8)

The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to courses, exams and departments, as well as students' grades and PII such as email address, physical address, phone number, etc.

HIGH CVSS 7.5 2022-08-15
Threat Entry Updated 2024-11-21

CVE-2022-2378 - Easy Student Results Plugin (through 2.2.8)

The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting.

MEDIUM CVSS 6.1 2022-08-15
Threat Entry Updated 2024-11-21

CVE-2022-2325 - Invitation Based Registrations Plugin (through 2.2.84)

The Invitation Based Registrations WordPress plugin through 2.2.84 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in a multisite setup).

MEDIUM CVSS 4.8 2022-08-01
Threat Entry Updated 2024-11-21

CVE-2022-2240 - Request a Quote Plugin (through 2.3.7)

The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to CSV injection once an admin downloads and opens it.

HIGH CVSS 8.8 2022-07-25
Threat Entry Updated 2024-11-21

CVE-2022-2340 - W-DALIL Plugin (through 2.0)

The W-DALIL WordPress plugin through 2.0 does not sanitise and escape some of its fields, which could allow high privilege users such as admins to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in a multisite setup).

MEDIUM CVSS 4.8 2022-07-25
Threat Entry Updated 2024-11-21

CVE-2022-1057 - Pricing Deals for WooCommerce Plugin (through 2.0.2.02)

The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection.

CRITICAL CVSS 9.8 2022-07-11
Threat Entry Updated 2024-11-21

CVE-2022-1732 - Rename wp-login.php Plugin (through 2.6.0)

The Rename wp-login.php WordPress plugin through 2.6.0 does not have a CSRF check in place when updating the secret login URL, which could allow attackers to make a logged-in admin change it via a CSRF attack.

MEDIUM CVSS 6.5 2022-07-11
Threat Entry Updated 2024-11-21

CVE-2022-1913 - Add Post URL Plugin (through 2.1.0)

The Add Post URL WordPress plugin through 2.1.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping.

MEDIUM CVSS 4.3 2022-06-27
Threat Entry Updated 2024-11-21

CVE-2022-1470 - Ultimate WooCommerce CSV Importer Plugin (through 2.0)

The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to Reflected Cross-Site Scripting.

MEDIUM CVSS 6.1 2022-06-27
Threat Entry Updated 2024-11-21

CVE-2022-1818 - Multi-page Toolkit Plugin (through 2.6)

The Multi-page Toolkit WordPress plugin through 2.6 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well.

MEDIUM CVSS 5.4 2022-06-20
Threat Entry Updated 2024-11-21

CVE-2022-1791 - One Click Plugin Updater Plugin (through 2.4.14)

The One Click Plugin Updater WordPress plugin through 2.4.14 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack and disable or hide the badge for available updates and the related check.

HIGH CVSS 8.1 2022-06-13