"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 272
Critical: 26
High: 83
Medium: 161
Showing 161-180 of 272 records
Threat Entry Updated 2025-01-26

CVE-2024-10636 - WordPress Core

The Quiz Maker Business, Developer, and Agency plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CORE WordPress Core

CVE-2024-10636

MEDIUM CVSS 6.1 2025-01-26
Threat Entry Updated 2025-01-26

CVE-2024-10574 - WordPress Core

The Quiz Maker Business, Developer, and Agency plugins for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on the 'ays_save_google_credentials' function in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency). This makes it possible for unauthenticated attackers to modify the Google Sheets integration credentials within the plugin's settings. Because the 'client_id' parameter is not sanitized or escaped when used in output, this vulnerability could also be leveraged to inject arbitrary web…

CORE WordPress Core

CVE-2024-10574

HIGH CVSS 7.2 2025-01-26
Threat Entry Updated 2025-01-21

CVE-2024-49333 - WordPress Core

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5.

CORE WordPress Core

CVE-2024-49333

HIGH CVSS 8.5 2025-01-21
Threat Entry Updated 2025-01-21

CVE-2024-49303 - WordPress Core

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5.

CORE WordPress Core

CVE-2024-49303

HIGH CVSS 8.5 2025-01-21
Threat Entry Updated 2025-01-21

CVE-2024-49300 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows Reflected XSS. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5.

CORE WordPress Core

CVE-2024-49300

HIGH CVSS 7.1 2025-01-21
Threat Entry Updated 2025-06-05

CVE-2024-11282 - WordPress Core

The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

CORE WordPress Core

CVE-2024-11282

MEDIUM CVSS 5.3 2025-01-07
Threat Entry Updated 2025-01-07

CVE-2024-11290 - WordPress Core

The Member Access plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

CORE WordPress Core

CVE-2024-11290

MEDIUM CVSS 5.3 2025-01-07
Threat Entry Updated 2025-01-02

CVE-2024-56302 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ConvertCalculator ConvertCalculator for WordPress allows Stored XSS. This issue affects ConvertCalculator for WordPress: from n/a through 1.1.1.

CORE WordPress Core

CVE-2024-56302

MEDIUM CVSS 6.5 2025-01-02
Threat Entry Updated 2025-01-02

CVE-2024-56245 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Blocks – Gutenberg Blocks for WordPress allows Stored XSS. This issue affects Premium Blocks – Gutenberg Blocks for WordPress: from n/a through 2.1.42.

CORE WordPress Core

CVE-2024-56245

MEDIUM CVSS 6.5 2025-01-02
Threat Entry Updated 2025-01-02

CVE-2024-56022 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress Monsters Preloader by WordPress Monsters allows Reflected XSS. This issue affects Preloader by WordPress Monsters: from n/a through 1.2.3.

CORE WordPress Core

CVE-2024-56022

HIGH CVSS 7.1 2025-01-02
Threat Entry Updated 2025-07-03

CVE-2024-11297 - WordPress Core

The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

CORE WordPress Core

CVE-2024-11297

MEDIUM CVSS 5.3 2024-12-20
Threat Entry Updated 2025-02-04

CVE-2024-11291 - WordPress Core

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.

CORE WordPress Core

CVE-2024-11291

MEDIUM CVSS 5.3 2024-12-18
Threat Entry Updated 2024-12-18

CVE-2024-11295 - WordPress Core

The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.29 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.

CORE WordPress Core

CVE-2024-11295

MEDIUM CVSS 5.3 2024-12-18
Threat Entry Updated 2024-12-17

CVE-2024-11280 - WordPress Core

The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

CORE WordPress Core

CVE-2024-11280

MEDIUM CVSS 5.3 2024-12-17
Threat Entry Updated 2024-12-17

CVE-2024-11294 - WordPress Core

The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as site members.

CORE WordPress Core

CVE-2024-11294

MEDIUM CVSS 5.3 2024-12-17
Threat Entry Updated 2024-12-16

CVE-2024-55998 - WordPress Core

Missing Authorization vulnerability in dusthazard Popup Surveys & Polls for WordPress (Mare.io) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Popup Surveys & Polls for WordPress (Mare.io): from n/a through 1.36.

CORE WordPress Core

CVE-2024-55998

MEDIUM CVSS 5.4 2024-12-16
Threat Entry Updated 2024-12-16

CVE-2024-54391 - WordPress Core

Cross-Site Request Forgery (CSRF) vulnerability in Matt Walters WordPress Filter allows Stored XSS. This issue affects WordPress Filter: from n/a through 1.4.1.

CORE WordPress Core

CVE-2024-54391

HIGH CVSS 7.1 2024-12-16
Threat Entry Updated 2024-12-16

CVE-2024-54384 - WordPress Core

Missing Authorization vulnerability in eLightUp Falcon – WordPress Optimizations & Tweaks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Falcon – WordPress Optimizations & Tweaks: from n/a through 2.8.3.

CORE WordPress Core

CVE-2024-54384

MEDIUM CVSS 4.3 2024-12-16
Threat Entry Updated 2024-12-13

CVE-2024-54326 - WordPress Core

Missing Authorization vulnerability in Eyal Fitoussi GEO my WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GEO my WordPress: from n/a through 4.5.0.4.

CORE WordPress Core

CVE-2024-54326

MEDIUM CVSS 6.5 2024-12-13
Threat Entry Updated 2024-12-13

CVE-2024-54321 - WordPress Core

Cross-Site Request Forgery (CSRF) vulnerability in Hive Support Hive Support – WordPress Help Desk allows Cross Site Request Forgery. This issue affects Hive Support – WordPress Help Desk: from n/a through 1.1.2.

CORE WordPress Core

CVE-2024-54321

MEDIUM CVSS 4.3 2024-12-13