"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 272
Critical: 26
High: 83
Medium: 161
Showing 181-200 of 272 records
Threat Entry Updated 2024-12-13

CVE-2024-54304 - WordPress Core

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hive Support Hive Support – WordPress Help Desk allows SQL Injection. This issue affects Hive Support – WordPress Help Desk: from n/a through 1.1.2.

HIGH CVSS 8.5 2024-12-13
Threat Entry Updated 2024-12-13

CVE-2024-54274 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Octrace Studio WordPress HelpDesk & Support Ticket System Plugin – Octrace Support allows Reflected XSS. This issue affects WordPress HelpDesk & Support Ticket System Plugin – Octrace Support: from n/a through 1.2.7.

HIGH CVSS 7.1 2024-12-13
Threat Entry Updated 2024-12-13

CVE-2024-54272 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Radius Blocks – WordPress Gutenberg Blocks allows Stored XSS. This issue affects Radius Blocks – WordPress Gutenberg Blocks: from n/a through 2.1.2.

MEDIUM CVSS 6.5 2024-12-13
Threat Entry Updated 2024-12-13

CVE-2024-54233 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Enea Overclokk Advanced Control Manager for WordPress by ItalyStrap allows Reflected XSS. This issue affects Advanced Control Manager for WordPress by ItalyStrap: from n/a through 2.16.0.

HIGH CVSS 7.1 2024-12-13
Threat Entry Updated 2024-12-11

CVE-2024-11351 - WordPress Core

The Restrict – membership, site, content and user access restrictions for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.8 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

MEDIUM CVSS 5.3 2024-12-11
Threat Entry Updated 2024-12-11

CVE-2024-11008 - WordPress Core

The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

MEDIUM CVSS 5.3 2024-12-11
Threat Entry Updated 2024-12-10

CVE-2024-11106 - WordPress Core

The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.7 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

MEDIUM CVSS 5.3 2024-12-10
Threat Entry Updated 2024-12-06

CVE-2024-54213 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zionbuilder.io WordPress Page Builder – Zion Builder allows Stored XSS. This issue affects WordPress Page Builder – Zion Builder: from n/a through 3.6.12.

MEDIUM CVSS 6.5 2024-12-06
Threat Entry Updated 2024-12-06

CVE-2024-54207 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows Stored XSS. This issue affects WordPress Auction Plugin: from n/a through 3.7.

MEDIUM CVSS 5.9 2024-12-06
Threat Entry Updated 2024-12-06

CVE-2024-51615 - WordPress Core

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection. This issue affects WordPress Auction Plugin: from n/a through 3.7.

CRITICAL CVSS 9.3 2024-12-06
Threat Entry Updated 2024-12-06

CVE-2024-11292 - WordPress Core

The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

MEDIUM CVSS 5.3 2024-12-06
Threat Entry Updated 2024-12-02

CVE-2024-52461 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kinsta WordPress Hosting Infinite Slider allows Reflected XSS. This issue affects Infinite Slider: from n/a through 2.0.1.

HIGH CVSS 7.1 2024-12-02
Threat Entry Updated 2024-12-02

CVE-2024-12015 - WordPress Core

The 'Project Manager' WordPress Plugin is affected by an authenticated SQL injection vulnerability in the 'orderby' parameter in the '/pm/v2/activites' route.

HIGH CVSS 7.7 2024-12-02
Threat Entry Updated 2024-11-30

CVE-2024-53788 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portfoliohub WordPress Portfolio Builder – Portfolio Gallery allows Stored XSS. This issue affects WordPress Portfolio Builder – Portfolio Gallery: from n/a through 1.1.7.

MEDIUM CVSS 5.9 2024-11-30
Threat Entry Updated 2025-06-05

CVE-2024-11083 - WordPress Core

The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

MEDIUM CVSS 5.3 2024-11-27
Threat Entry Updated 2025-07-07

CVE-2024-11089 - WordPress Core

The Anonymous Restricted Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to logged-in users.

MEDIUM CVSS 5.3 2024-11-21
Threat Entry Updated 2025-04-05

CVE-2024-11088 - WordPress Core

The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

MEDIUM CVSS 5.3 2024-11-21
Threat Entry Updated 2024-11-19

CVE-2024-51807 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Black and White Digital Ltd AgendaPress – Easily Publish Meeting Agendas and Programs on WordPress allows Stored XSS. This issue affects AgendaPress – Easily Publish Meeting Agendas and Programs on WordPress: from n/a through 1.0.8.

MEDIUM CVSS 6.5 2024-11-19
Threat Entry Updated 2024-11-19

CVE-2024-51634 - WordPress Core

Cross-Site Request Forgery (CSRF) vulnerability in Webriti WordPress Themes & Plugins Shop Webriti Custom Login allows Reflected XSS. This issue affects Webriti Custom Login: from n/a through 0.3.

HIGH CVSS 7.1 2024-11-19
Threat Entry Updated 2024-11-19

CVE-2024-50541 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Enea Overclokk Advanced Control Manager for WordPress by ItalyStrap allows Stored XSS. This issue affects Advanced Control Manager for WordPress by ItalyStrap: from n/a through 2.16.0.

MEDIUM CVSS 6.5 2024-11-19