Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-06-09
CVE-2023-7168 - Through 8 Plugin
The Better Follow Button for Jetpack WordPress plugin through 8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Through 8
CVE-2023-7168
Risk Score
Threat Entry
Updated 2025-05-21
CVE-2024-13862 - Through 8 Plugin
The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Through 8
CVE-2024-13862
Risk Score
Threat Entry
Updated 2025-05-08
CVE-2024-12436 - Through 8 Plugin
The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
PLUGIN
Through 8
CVE-2024-12436
Risk Score
Threat Entry
Updated 2025-05-08
CVE-2024-12280 - Through 8 Plugin
The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF check in place when deleting its logs, which could allow attackers to make a logged in to delete them via a CSRF attack
PLUGIN
Through 8
CVE-2024-12280
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-0693 - Through 8 Plugin
The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL Injection
PLUGIN
Through 8
CVE-2022-0693
Risk Score