Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-04-15
CVE-2026-2466 - Through 3 Plugin
The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 3
CVE-2026-2466
Risk Score
Threat Entry
Updated 2026-04-15
CVE-2026-1128 - Through 3 Plugin
The WP eCommerce WordPress plugin through 3.15.1 does not have CSRF check in place when deleting coupons, which could allow attackers to make a logged in admin remove them via a CSRF attack
PLUGIN
Through 3
CVE-2026-1128
Risk Score
Threat Entry
Updated 2026-04-15
CVE-2026-1235 - Through 3 Plugin
The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.
PLUGIN
Through 3
CVE-2026-1235
Risk Score
Threat Entry
Updated 2025-11-13
CVE-2025-11855 - Through 3 Plugin
The age-restriction WordPress plugin through 3.0.2 does not have authorisation in the age_restrictionRemoteSupportRequest function, allowing any authenticated users, such as subscriber to create an admin user with a hardcoded username and arbitrary password.
PLUGIN
Through 3
CVE-2025-11855
Risk Score
Threat Entry
Updated 2025-07-25
CVE-2025-6174 - Through 3 Plugin
The Qwizcards | online quizzes and flashcards WordPress plugin through 3.9.4 does not sanitise and escape the "_stylesheet" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or any other user.
PLUGIN
Through 3
CVE-2025-6174
Risk Score
Threat Entry
Updated 2025-11-13
CVE-2024-3901 - Through 3 Plugin
The Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts (like those with the contributor role) to conduct Stored XSS attacks.
PLUGIN
Through 3
CVE-2024-3901
Risk Score
Threat Entry
Updated 2025-06-09
CVE-2024-11372 - Through 3 Plugin
The Connexion Logs WordPress plugin through 3.0.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
PLUGIN
Through 3
CVE-2024-11372
Risk Score
Threat Entry
Updated 2025-06-09
CVE-2024-11373 - Through 3 Plugin
The Connexion Logs WordPress plugin through 3.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Through 3
CVE-2024-11373
Risk Score
Threat Entry
Updated 2025-05-07
CVE-2024-13569 - Through 3 Plugin
The Front End Users WordPress plugin through 3.2.32 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 3
CVE-2024-13569
Risk Score
Threat Entry
Updated 2025-05-23
CVE-2024-13626 - Through 3 Plugin
The VR-Frases (collect & share quotes) WordPress plugin through 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 3
CVE-2024-13626
Risk Score
Threat Entry
Updated 2025-05-07
CVE-2024-13115 - Through 3 Plugin
The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
PLUGIN
Through 3
CVE-2024-13115
Risk Score
Threat Entry
Updated 2025-05-07
CVE-2024-13114 - Through 3 Plugin
The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 3
CVE-2024-13114
Risk Score
Threat Entry
Updated 2025-05-14
CVE-2024-8857 - Through 3 Plugin
The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Stored Cross-Site Scripting attacks.
PLUGIN
Through 3
CVE-2024-8857
Risk Score
Threat Entry
Updated 2025-05-14
CVE-2024-8855 - Through 3 Plugin
The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing editors and above to perform SQL injection attacks
PLUGIN
Through 3
CVE-2024-8855
Risk Score
Threat Entry
Updated 2024-09-27
CVE-2024-8092 - Through 3 Plugin
The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
PLUGIN
Through 3
CVE-2024-8092
Risk Score
Threat Entry
Updated 2025-05-27
CVE-2024-6490 - Through 3 Plugin
During testing of the Master Slider WordPress plugin through 3.9.10, a CSRF vulnerability was found, which allows an unauthorized user to manipulate requests on behalf of the victim and thereby delete all of the sliders inside Master Slider WordPress plugin through 3.9.10.
PLUGIN
Through 3
CVE-2024-6490
Risk Score
Threat Entry
Updated 2025-06-06
CVE-2024-5155 - Through 3 Plugin
The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
PLUGIN
Through 3
CVE-2024-5155
Risk Score
Threat Entry
Updated 2025-03-25
CVE-2024-3992 - Through 3 Plugin
The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Through 3
CVE-2024-3992
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-3972 - Through 3 Plugin
The Similarity WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
PLUGIN
Through 3
CVE-2024-3972
Risk Score
Threat Entry
Updated 2025-03-13
CVE-2024-3971 - Through 3 Plugin
The Similarity WordPress plugin through 3.0 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack
PLUGIN
Through 3
CVE-2024-3971
Risk Score