Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 272
Critical: 26
High: 83
Medium: 161
Showing 221-240 of 272 records
Threat Entry Updated 2024-10-07

CVE-2024-47368 - WordPress Core

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leap13 Premium Blocks – Gutenberg Blocks for WordPress allows Stored XSS. This issue affects Premium Blocks – Gutenberg Blocks for WordPress: from n/a through 2.1.33.

CORE WordPress Core

CVE-2024-47368

MEDIUM CVSS 6.5 2024-10-06
Threat Entry Updated 2024-10-07

CVE-2024-47386 - WordPress Core

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended allows Reflected XSS. This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through 3.0.8.

CORE WordPress Core

CVE-2024-47386

HIGH CVSS 7.1 2024-10-05
Threat Entry Updated 2024-10-07

CVE-2024-47647 - WordPress Core

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HelpieWP Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin allows Stored XSS. This issue affects Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin: from n/a through 1.27.

CORE WordPress Core

CVE-2024-47647

MEDIUM CVSS 5.9 2024-10-05
Threat Entry Updated 2024-10-07

CVE-2024-44018 - WordPress Core

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Istmo Plugins Instant Chat Floating Button for WordPress Websites allows PHP Local File Inclusion. This issue affects Instant Chat Floating Button for WordPress Websites: from n/a through 1.0.5.

CORE WordPress Core

CVE-2024-44018

HIGH CVSS 7.5 2024-10-05
Threat Entry Updated 2024-09-26

CVE-2024-43237 - WordPress Core

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in TaxoPress WordPress Tag Cloud Plugin – Tag Groups. This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through 2.0.3.

CORE WordPress Core

CVE-2024-43237

MEDIUM CVSS 5.3 2024-09-25
Threat Entry Updated 2024-08-19

CVE-2024-43256 - WordPress Core

Missing Authorization vulnerability in nouthemes Leopard - WordPress offload media allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Leopard - WordPress offload media: from n/a through 2.0.36.

CORE WordPress Core

CVE-2024-43256

HIGH CVSS 7.1 2024-08-19
Threat Entry Updated 2024-08-13

CVE-2024-43224 - WordPress Core

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yuri Baranov YaMaps for WordPress allows Stored XSS. This issue affects YaMaps for WordPress: from n/a through 0.6.27.

CORE WordPress Core

CVE-2024-43224

MEDIUM CVSS 6.5 2024-08-12
Threat Entry Updated 2024-11-21

CVE-2024-37946 - WordPress Core

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs ReCaptcha Integration for WordPress allows Stored XSS. This issue affects ReCaptcha Integration for WordPress: from n/a through 1.2.5.

CORE WordPress Core

CVE-2024-37946

MEDIUM CVSS 5.9 2024-07-20
Threat Entry Updated 2024-11-21

CVE-2024-37918 - WordPress Core

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPCone.Com ConeBlog – WordPress Blog Widgets allows Stored XSS. This issue affects ConeBlog – WordPress Blog Widgets: from n/a through 1.4.8.

CORE WordPress Core

CVE-2024-37918

MEDIUM CVSS 6.5 2024-07-20
Threat Entry Updated 2024-11-21

CVE-2024-38704 - WordPress Core

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DynamicWebLab WordPress Team Manager allows PHP Local File Inclusion. This issue affects WordPress Team Manager: from n/a through 2.1.12.

CORE WordPress Core

CVE-2024-38704

MEDIUM CVSS 6.5 2024-07-12
Threat Entry Updated 2024-11-21

CVE-2024-37941 - WordPress Core

Cross-Site Request Forgery (CSRF) vulnerability in Internal Link Juicer Internal Link Juicer: SEO Auto Linker for WordPress. This issue affects Internal Link Juicer: SEO Auto Linker for WordPress: from n/a through 2.24.3.

CORE WordPress Core

CVE-2024-37941

MEDIUM CVSS 4.3 2024-07-12
Threat Entry Updated 2024-11-21

CVE-2024-37430 - WordPress Core

Authentication Bypass by Spoofing vulnerability in Patreon Patreon WordPress allows Functionality Misuse. This issue affects Patreon WordPress: from n/a through 1.9.0.

CORE WordPress Core

CVE-2024-37430

MEDIUM CVSS 5.3 2024-07-09
Threat Entry Updated 2024-11-21

CVE-2024-5855 - WordPress Core

The Media Hygiene: Remove or Delete Unused Images and More! plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the bulk_action_delete and delete_single_image_call AJAX actions in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary attachments. A nonce check was added in version 3.0.1, however, it wasn't until version 3.0.2 that a capability check was added.

CORE WordPress Core

CVE-2024-5855

MEDIUM CVSS 4.3 2024-07-09
Threat Entry Updated 2024-11-21

CVE-2024-32111 - WordPress Core

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal. This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9, from 5.8 through 5.8.9, from 5.7 through 5.7.11, from 5.6 through 5.6.13, from 5.5 through 5.5.14, from 5.4 through 5.4.15, from 5.3 through 5.3.17, from 5.2 through 5.2.20, from 5.1 through 5.1.18, from 5.0 through 5.0.21, from 4.9 through 4.9.25,…

CORE WordPress Core

CVE-2024-32111

MEDIUM CVSS 5.0 2024-06-25
Threat Entry Updated 2024-11-21

CVE-2024-31111 - WordPress Core

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WordPress allows Stored XSS. This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9.

CORE WordPress Core

CVE-2024-31111

MEDIUM CVSS 6.5 2024-06-25
Threat Entry Updated 2024-11-21

CVE-2024-6307 - WordPress Core

WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CORE WordPress Core

CVE-2024-6307

MEDIUM CVSS 6.4 2024-06-25
Threat Entry Updated 2024-11-21

CVE-2024-4787 - WordPress Core

The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'send_pdf' and the 'send_pdf_front' functions which are reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient.

CORE WordPress Core

CVE-2024-4787

MEDIUM CVSS 5.8 2024-06-19
Threat Entry Updated 2024-11-21

CVE-2024-4354 - WordPress Core

The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the get_files_to_import() function. This makes it possible for authenticated attackers, with author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Due to the complex nature of protecting against DNS rebind attacks in WordPress software, we settled on the developer simply restricting the usage of the…

CORE WordPress Core

CVE-2024-4354

MEDIUM CVSS 6.4 2024-06-07
Threat Entry Updated 2024-11-21

CVE-2024-34801 - WordPress Core

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mervin Praison Praison SEO WordPress allows Stored XSS. This issue affects Praison SEO WordPress: from n/a through 4.0.15.

CORE WordPress Core

CVE-2024-34801

MEDIUM CVSS 6.5 2024-06-03
Threat Entry Updated 2024-11-21

CVE-2024-2506 - WordPress Core

The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS functionality in all versions up to, and including, 4.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CORE WordPress Core

CVE-2024-2506

MEDIUM CVSS 6.4 2024-06-01