Threat Entry Updated 2025-06-12

CVE-2024-8492 - Through 7 Plugin

The Hustle WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

PLUGIN Through 7

CVE-2024-8492

MEDIUM CVSS 4.8 2025-05-15

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-06-10

CVE-2024-13313 - Through 7 Plugin

The AWeber WordPress plugin through 7.3.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Through 7

CVE-2024-13313

MEDIUM CVSS 4.8 2025-05-15

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2022-1843 - Through 7 Plugin

The MailPress WordPress plugin through 7.2.1 does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF attacks

PLUGIN Through 7

CVE-2022-1843

MEDIUM CVSS 6.5 2022-06-27

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-24737 - Through 7 Plugin

The Comments – wpDiscuz WordPress plugin through 7.3.0 does not properly sanitise or escape the Follow and Unfollow messages before outputting them in the page, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PLUGIN Through 7

CVE-2021-24737

MEDIUM CVSS 4.8 2021-10-11

Risk Score

Open Full Technical Breakdown