Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Showing 21-40 of 67 records
Threat Entry Updated 2025-05-05

CVE-2023-7085 - Through 3 Plugin

The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

PLUGIN Through 3

CVE-2023-7085

MEDIUM CVSS 5.4 2024-03-18
Threat Entry Updated 2025-05-06

CVE-2023-6499 - Through 3 Plugin

The lasTunes WordPress plugin through 3.6.1 does not have CSRF checks in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Through 3

CVE-2023-6499

MEDIUM CVSS 5.4 2024-02-12
Threat Entry Updated 2025-06-18

CVE-2023-5911 - Through 3 Plugin

The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Through 3

CVE-2023-5911

MEDIUM CVSS 4.8 2024-01-08
Threat Entry Updated 2024-11-21

CVE-2023-5210 - Through 3 Plugin

The AMP+ Plus WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin.

PLUGIN Through 3

CVE-2023-5210

MEDIUM CVSS 6.1 2023-12-04
Threat Entry Updated 2024-11-21

CVE-2023-4252 - Through 3 Plugin

The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment.

PLUGIN Through 3

CVE-2023-4252

MEDIUM CVSS 5.3 2023-11-27
Threat Entry Updated 2024-11-21

CVE-2023-4808 - Through 3 Plugin

The WP Post Popup WordPress plugin through 3.7.3 does not sanitise and escape some of its inputs, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Through 3

CVE-2023-4808

MEDIUM CVSS 4.8 2023-11-20
Threat Entry Updated 2025-04-23

CVE-2023-5243 - Through 3 Plugin

The Login Screen Manager WordPress plugin through 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Through 3

CVE-2023-5243

MEDIUM CVSS 4.8 2023-10-31
Threat Entry Updated 2024-11-21

CVE-2023-2813 - Through 3 Theme

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable…

THEME Through 3

CVE-2023-2813

MEDIUM CVSS 6.1 2023-09-04
Threat Entry Updated 2024-11-21

CVE-2023-2495 - Through 3 Plugin

The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtrans_ajax_old AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF.

PLUGIN Through 3

CVE-2023-2495

MEDIUM CVSS 4.3 2023-07-10
Threat Entry Updated 2024-11-21

CVE-2023-2029 - Through 3 Plugin

The PrePost SEO WordPress plugin through 3.0 does not properly sanitise some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Through 3

CVE-2023-2029

MEDIUM CVSS 4.8 2023-07-10
Threat Entry Updated 2024-11-21

CVE-2023-2321 - Through 3 Plugin

The WPForms Google Sheet Connector WordPress plugin before 3.4.6 and the gsheetconnector-wpforms-pro WordPress plugin through 3.4.6 do not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin.

PLUGIN Through 3

CVE-2023-2321

MEDIUM CVSS 6.1 2023-07-04
Threat Entry Updated 2024-12-12

CVE-2023-2899 - Through 3 Plugin

The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admin.

PLUGIN Through 3

CVE-2023-2899

MEDIUM CVSS 5.4 2023-06-19
Threat Entry Updated 2024-11-21

CVE-2023-0431 - Through 3 Plugin

The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 3

CVE-2023-0431

MEDIUM CVSS 5.4 2023-06-12
Threat Entry Updated 2025-01-14

CVE-2023-0644 - Through 3 Plugin

The Push Notifications for WordPress by PushAssist WordPress plugin through 3.0.8 does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high-privilege users such as admin.

PLUGIN Through 3

CVE-2023-0644

MEDIUM CVSS 6.1 2023-05-15
Threat Entry Updated 2025-02-27

CVE-2023-0073 - Through 3 Plugin

The Client Logo Carousel WordPress plugin through 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 3

CVE-2023-0073

MEDIUM CVSS 5.4 2023-03-13
Threat Entry Updated 2025-05-05

CVE-2023-0078 - Through 3 Plugin

The Resume Builder WordPress plugin through 3.1.1 does not sanitise and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS attacks against higher-privilege users.

PLUGIN Through 3

CVE-2023-0078

MEDIUM CVSS 5.4 2023-03-06
Threat Entry Updated 2025-05-06

CVE-2022-3408 - Through 3 Plugin

The WP Word Count WordPress plugin through 3.2.3 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

PLUGIN Through 3

CVE-2022-3408

MEDIUM CVSS 4.8 2022-10-31
Threat Entry Updated 2025-05-09

CVE-2022-3350 - Through 3 Plugin

The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Through 3

CVE-2022-3350

MEDIUM CVSS 4.8 2022-10-25
Threat Entry Updated 2025-05-21

CVE-2022-3135 - Through 3 Plugin

The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Through 3

CVE-2022-3135

MEDIUM CVSS 4.8 2022-09-26