Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 9
Critical: 1
High: 3
Medium: 5
Showing 1-9 of 9 records
Threat Entry Updated 2025-03-14

CVE-2024-0780 - Through 6 Plugin

The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated user, such as a subscriber, to perform such an action.

PLUGIN Through 6

CVE-2024-0780

HIGH CVSS 8.8 2024-03-18
Threat Entry Updated 2025-05-05

CVE-2024-0779 - Through 6 Plugin

The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF checks in various functions hooked to admin_init, allowing unauthenticated users to call them and, for example, unlink arbitrary users' Instagram accounts.

PLUGIN Through 6

CVE-2024-0779

HIGH CVSS 8.8 2024-03-18
Threat Entry Updated 2025-06-11

CVE-2023-4925 - Through 6 Plugin

The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

PLUGIN Through 6

CVE-2023-4925

MEDIUM CVSS 4.8 2024-01-15
Threat Entry Updated 2024-12-12

CVE-2023-2359 - Through 6 Plugin

The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations.

PLUGIN Through 6

CVE-2023-2359

HIGH CVSS 8.8 2023-06-19
Threat Entry Updated 2025-01-30

CVE-2023-1021 - Through 6 Plugin

The amr ical events lists WordPress plugin through 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Through 6

CVE-2023-1021

MEDIUM CVSS 4.8 2023-05-02
Threat Entry Updated 2024-11-21

CVE-2022-1885 - Through 6 Plugin

The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN Through 6

CVE-2022-1885

MEDIUM CVSS 4.3 2022-06-27
Threat Entry Updated 2024-11-21

CVE-2022-1787 - Through 6 Plugin

The Sideblog WordPress plugin through 6.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping.

PLUGIN Through 6

CVE-2022-1787

MEDIUM CVSS 5.4 2022-06-13
Threat Entry Updated 2024-11-21

CVE-2021-24903 - Through 6 Plugin

The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PLUGIN Through 6

CVE-2021-24903

MEDIUM CVSS 4.8 2022-02-28
Threat Entry Updated 2024-11-21

CVE-2021-24222 - Through 6 Plugin

The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue in the page where [formCadastro] is embedded. The form allows unauthenticated users to register and submit files for their profile picture as well as resume, without any file extension restriction, leading to RCE.

PLUGIN Through 6

CVE-2021-24222

CRITICAL CVSS 9.8 2021-04-12