"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 272
Critical: 26
High: 83
Medium: 161
Showing 201-220 of 272 records
Threat Entry Updated 2024-11-18

CVE-2024-52408 - WordPress Core

Unrestricted Upload of File with Dangerous Type vulnerability in Team PushAssist Push Notifications for WordPress by PushAssist allows Upload a Web Shell to a Web Server. This issue affects Push Notifications for WordPress by PushAssist: from n/a through 3.0.8.

CORE WordPress Core

CVE-2024-52408

CRITICAL CVSS 9.9 2024-11-16
Threat Entry Updated 2024-11-15

CVE-2024-52370 - WordPress Core

Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support – WordPress Help Desk allows Upload a Web Shell to a Web Server. This issue affects Hive Support – WordPress Help Desk: from n/a through 1.1.1.

CORE WordPress Core

CVE-2024-52370

CRITICAL CVSS 9.9 2024-11-14
Threat Entry Updated 2024-11-12

CVE-2024-51702 - WordPress Core

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Benjamin Moody, Eric Holmes SrcSet Responsive Images for WordPress allows Reflected XSS. This issue affects SrcSet Responsive Images for WordPress: from n/a through 1.4.

CORE WordPress Core

CVE-2024-51702

HIGH CVSS 7.1 2024-11-09
Threat Entry Updated 2024-11-12

CVE-2024-51708 - WordPress Core

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Narnoo Wordpress developer Narnoo Commerce Manager allows Reflected XSS. This issue affects Narnoo Commerce Manager: from n/a through 1.6.0.

CORE WordPress Core

CVE-2024-51708

HIGH CVSS 7.1 2024-11-09
Threat Entry Updated 2024-11-12

CVE-2024-10669 - WordPress Core

The Countdown Timer block – Display the event's date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the [ctb] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.

CORE WordPress Core

CVE-2024-10669

MEDIUM CVSS 4.3 2024-11-09
Threat Entry Updated 2024-11-01

CVE-2024-43268 - WordPress Core

Access Control vulnerability in WPBackItUp Backup and Restore WordPress allows . This issue affects Backup and Restore WordPress: from n/a through 1.50.

CORE WordPress Core

CVE-2024-43268

MEDIUM CVSS 5.4 2024-11-01
Threat Entry Updated 2024-11-01

CVE-2024-43270 - WordPress Core

Missing Authorization vulnerability in WPBackItUp Backup and Restore WordPress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Backup and Restore WordPress: from n/a through 1.50.

CORE WordPress Core

CVE-2024-43270

MEDIUM CVSS 5.3 2024-11-01
Threat Entry Updated 2024-11-01

CVE-2024-43235 - WordPress Core

Missing Authorization vulnerability in MetaBox.Io Meta Box – WordPress Custom Fields Framework allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Meta Box – WordPress Custom Fields Framework: from n/a through 5.9.10.

CORE WordPress Core

CVE-2024-43235

HIGH CVSS 7.1 2024-11-01
Threat Entry Updated 2024-11-01

CVE-2024-38792 - WordPress Core

Missing Authorization vulnerability in ConveyThis Translate Team Language Translate Widget for WordPress – ConveyThis allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Language Translate Widget for WordPress – ConveyThis: from n/a through 234.

CORE WordPress Core

CVE-2024-38792

MEDIUM CVSS 5.3 2024-11-01
Threat Entry Updated 2024-11-01

CVE-2024-38690 - WordPress Core

Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.3.

CORE WordPress Core

CVE-2024-38690

MEDIUM CVSS 5.3 2024-11-01
Threat Entry Updated 2024-11-01

CVE-2024-37226 - WordPress Core

Missing Authorization vulnerability in Kanban for WordPress Kanban Boards for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Kanban Boards for WordPress: from n/a through 2.5.21.

CORE WordPress Core

CVE-2024-37226

MEDIUM CVSS 5.3 2024-11-01
Threat Entry Updated 2024-11-01

CVE-2024-37218 - WordPress Core

Missing Authorization vulnerability in WordPress Page Builder Sandwich Team Page Builder Sandwich – Front-End Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Page Builder Sandwich – Front-End Page Builder: from n/a through 5.1.0.

CORE WordPress Core

CVE-2024-37218

MEDIUM CVSS 4.3 2024-11-01
Threat Entry Updated 2024-10-29

CVE-2024-50427 - WordPress Core

Unrestricted Upload of File with Dangerous Type vulnerability in Devsoft Baltic OÜ SurveyJS: Drag & Drop WordPress Form Builder. This issue affects SurveyJS: Drag & Drop WordPress Form Builder: from n/a through 1.9.136.

CORE WordPress Core

CVE-2024-50427

CRITICAL CVSS 9.9 2024-10-29
Threat Entry Updated 2024-10-29

CVE-2024-50415 - WordPress Core

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pagup Ads.Txt & App-ads.Txt Manager for WordPress allows Stored XSS. This issue affects Ads.Txt & App-ads.Txt Manager for WordPress: from n/a through 1.1.7.1.

CORE WordPress Core

CVE-2024-50415

MEDIUM CVSS 5.9 2024-10-29
Threat Entry Updated 2024-10-18

CVE-2024-49302 - WordPress Core

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Portfoliohub WordPress Portfolio Builder – Portfolio Gallery allows Stored XSS. This issue affects WordPress Portfolio Builder – Portfolio Gallery: from n/a through 1.1.7.

CORE WordPress Core

CVE-2024-49302

MEDIUM CVSS 6.5 2024-10-17
Threat Entry Updated 2024-10-18

CVE-2024-49322 - WordPress Core

Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress allows Privilege Escalation. This issue affects Job Board Manager for WordPress: from n/a through 1.0.

CORE WordPress Core

CVE-2024-49322

CRITICAL CVSS 9.8 2024-10-17
Threat Entry Updated 2024-10-16

CVE-2024-49260 - WordPress Core

Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery allows Code Injection. This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7.

CORE WordPress Core

CVE-2024-49260

CRITICAL CVSS 9.9 2024-10-16
Threat Entry Updated 2024-10-16

CVE-2024-49258 - WordPress Core

Path Traversal: '.../...//' vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery. This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7.

CORE WordPress Core

CVE-2024-49258

MEDIUM CVSS 6.5 2024-10-16
Threat Entry Updated 2024-10-10

CVE-2024-47334 - WordPress Core

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Flow Zoho Flow for WordPress allows SQL Injection. This issue affects Zoho Flow for WordPress: from n/a through 2.7.1.

CORE WordPress Core

CVE-2024-47334

HIGH CVSS 7.6 2024-10-09
Threat Entry Updated 2024-10-07

CVE-2024-47327 - WordPress Core

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eyal Fitoussi GEO my WordPress allows Reflected XSS. This issue affects GEO my WordPress: from n/a through 4.5.0.3.

CORE WordPress Core

CVE-2024-47327

HIGH CVSS 7.1 2024-10-06