
Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 16 records (Critical: 1, High: 3, Medium: 12)
Threat Entry Updated 2025-06-12

CVE-2025-1288 - Through 5 Plugin

The WOOEXIM WordPress plugin through 5.0.0 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make an unauthenticated user vulnerable to reflected XSS via a CSRF attack.

PLUGIN Through 5

CVE-2025-1288

MEDIUM CVSS 6.1 2025-05-15
Threat Entry Updated 2025-05-21

CVE-2024-3921 - Through 5 Plugin

The Gianism WordPress plugin through 5.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Through 5

CVE-2024-3921

MEDIUM CVSS 4.8 2024-05-29
Threat Entry Updated 2024-11-21

CVE-2023-2636 - Through 5 Plugin

The AN_GradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.

PLUGIN Through 5

CVE-2023-2636

HIGH CVSS 8.8 2023-07-17
Threat Entry Updated 2024-11-21

CVE-2023-2709 - Through 5 Plugin

The AN_GradeBook WordPress plugin through 5.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Through 5

CVE-2023-2709

MEDIUM CVSS 4.8 2023-07-10
Threat Entry Updated 2024-11-21

CVE-2023-2320 - Through 5 Plugin

The CF7 Google Sheets Connector WordPress plugin before 5.0.2 and the cf7-google-sheets-connector-pro WordPress plugin through 5.0.2 do not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 5

CVE-2023-2320

MEDIUM CVSS 6.1 2023-07-04
Threat Entry Updated 2025-01-29

CVE-2023-0768 - Through 5 Plugin

The Avirato hotels online booking engine WordPress plugin through 5.0.5 does not validate and escape some of its shortcode attributes before using them in SQL statements, which could allow any authenticated user, such as a subscriber, to perform SQL Injection attacks.

PLUGIN Through 5

CVE-2023-0768

HIGH CVSS 8.8 2023-05-08
Threat Entry Updated 2025-02-26

CVE-2023-0369 - Through 5 Plugin

The GoToWP WordPress plugin through 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 5

CVE-2023-0369

MEDIUM CVSS 5.4 2023-03-20
Threat Entry Updated 2025-02-26

CVE-2023-0167 - Through 5 Plugin

The GetResponse for WordPress plugin through 5.5.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Through 5

CVE-2023-0167

MEDIUM CVSS 5.4 2023-03-20
Threat Entry Updated 2024-11-21

CVE-2022-2600 - Through 5 Plugin

The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferrer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object.

PLUGIN Through 5

CVE-2022-2600

MEDIUM CVSS 5.4 2022-08-22
Threat Entry Updated 2024-11-21

CVE-2022-1829 - Through 5 Plugin

The Inline Google Maps WordPress plugin through 5.11 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping.

PLUGIN Through 5

CVE-2022-1829

MEDIUM CVSS 6.5 2022-06-20
Threat Entry Updated 2024-11-21

CVE-2022-1608 - Through 5 Plugin

The OnePress Social Locker WordPress plugin through 5.6.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

PLUGIN Through 5

CVE-2022-1608

MEDIUM CVSS 6.5 2022-06-13
Threat Entry Updated 2024-11-21

CVE-2022-0599 - Through 5 Plugin

The Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8 does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.

PLUGIN Through 5

CVE-2022-0599

MEDIUM CVSS 6.1 2022-03-28
Threat Entry Updated 2024-11-21

CVE-2021-24940 - Through 5 Plugin

The Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue.

PLUGIN Through 5

CVE-2021-24940

MEDIUM CVSS 6.1 2022-03-14
Threat Entry Updated 2024-11-21

CVE-2021-24289 - Through 5 Plugin

There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user metadata to become an administrator on any site using the plugin.

PLUGIN Through 5

CVE-2021-24289

HIGH CVSS 8.8 2021-05-17
Threat Entry Updated 2024-11-21

CVE-2021-24290 - Through 5 Plugin

There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages.

PLUGIN Through 5

CVE-2021-24290

MEDIUM CVSS 6.1 2021-05-17
Threat Entry Updated 2024-11-21

CVE-2021-24240 - Through 5 Plugin

The Business Hours Pro WordPress plugin through 5.5.0 allows a remote attacker to upload arbitrary files using its manual update functionality, leading to an unauthenticated remote code execution vulnerability.

PLUGIN Through 5

CVE-2021-24240

CRITICAL CVSS 9.8 2021-04-22