Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 14,273
Critical: 855
High: 2,814
Medium: 10,408

Threat Entry Updated 2025-06-12

CVE-2024-8032 - Smooth Gallery Replacement Plugin

The Smooth Gallery Replacement WordPress plugin through 1.0 does not have CSRF checks in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Smooth Gallery Replacement

CVE-2024-8032

MEDIUM CVSS 6.1 2025-05-15

Threat Entry Updated 2025-06-11

CVE-2024-7769 - Clicksold Idx Plugin

The ClickSold IDX WordPress plugin through 1.90 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Clicksold Idx

CVE-2024-7769

MEDIUM CVSS 4.8 2025-05-15

Threat Entry Updated 2025-06-12

CVE-2024-8082 - Widgets Reset Plugin

The Widgets Reset WordPress plugin through 0.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN Widgets Reset

CVE-2024-8082

MEDIUM CVSS 4.3 2025-05-15

Threat Entry Updated 2025-06-12

CVE-2024-8050 - Custom Author Base Plugin

The Custom Author Base WordPress plugin through 1.1.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN Custom Author Base

CVE-2024-8050

MEDIUM CVSS 4.3 2025-05-15

Threat Entry Updated 2025-11-13

CVE-2024-8009 - Sensei LMS Plugin

The Sensei LMS WordPress plugin before 4.20.0 discloses all users of the blog, including their email addresses, to teachers on the students page.

PLUGIN Sensei LMS

CVE-2024-8009

MEDIUM CVSS 4.3 2025-05-15

Threat Entry Updated 2025-06-11

CVE-2024-7984 - Joy Of Text Lite Plugin

The Joy Of Text Lite WordPress plugin through 2.3.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN Joy Of Text Lite

CVE-2024-7984

MEDIUM CVSS 4.3 2025-05-15

Threat Entry Updated 2025-10-02

CVE-2024-7762 - Simple Job Board Plugin

The Simple Job Board WordPress plugin before 2.12.6 does not prevent uploaded files from being listed, allowing unauthenticated users to access and download uploaded resumes.

PLUGIN Simple Job Board

CVE-2024-7762

LOW CVSS 3.7 2025-05-15

Threat Entry Updated 2025-06-05

CVE-2024-6809 - Simple Video Directory Plugin

The Simple Video Directory WordPress plugin before 1.4.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

PLUGIN Simple Video Directory

CVE-2024-6809

CRITICAL CVSS 9.8 2025-05-15

Threat Entry Updated 2026-01-05

CVE-2024-6719 - Offload Videos Plugin

The Offload Videos WordPress plugin before 1.0.1 does not have a CSRF check in place when updating its settings, which could allow low privilege users to update them via a CSRF attack.

PLUGIN Offload Videos

CVE-2024-6719

HIGH CVSS 8.1 2025-05-15

Threat Entry Updated 2025-06-11

CVE-2024-6712 - Mapfig Studio Plugin

The MapFig Studio WordPress plugin through 0.2.1 does not have CSRF checks in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Mapfig Studio

CVE-2024-6712

MEDIUM CVSS 6.1 2025-05-15

Threat Entry Updated 2025-05-27

CVE-2024-6718 - Pvn Auth Popup Plugin

The PVN Auth Popup WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Pvn Auth Popup

CVE-2024-6718

MEDIUM CVSS 5.4 2025-05-15

Threat Entry Updated 2025-06-11

CVE-2024-7759 - Pwa For Wp Plugin

The PWA for WP WordPress plugin before 1.7.72 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Pwa For Wp

CVE-2024-7759

MEDIUM CVSS 4.8 2025-05-15

Threat Entry Updated 2025-06-04

CVE-2024-7758 - Stylish Price List Plugin

The Stylish Price List WordPress plugin before 7.1.8 does not sanitise and escape some of its settings, which could allow high privilege users of contributor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Stylish Price List

CVE-2024-7758

MEDIUM CVSS 4.8 2025-05-15

Threat Entry Updated 2025-06-11

CVE-2024-7556 - Simple Share Plugin

The Simple Share WordPress plugin through 0.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Simple Share

CVE-2024-7556

MEDIUM CVSS 4.8 2025-05-15

Threat Entry Updated 2025-06-09

CVE-2024-6798 - Dl Verification Plugin

The DL Verification WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Dl Verification

CVE-2024-6798

MEDIUM CVSS 4.8 2025-05-15

Threat Entry Updated 2026-01-02

CVE-2024-6797 - DL Robots.txt Plugin

The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN DL Robots.txt

CVE-2024-6797

MEDIUM CVSS 4.8 2025-05-15

Threat Entry Updated 2025-06-11

CVE-2024-6713 - Pvn Auth Popup Plugin

The PVN Auth Popup WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Pvn Auth Popup

CVE-2024-6713

MEDIUM CVSS 4.8 2025-05-15

Threat Entry Updated 2025-06-11

CVE-2024-6486 - ImageMagick Engine Plugin

The ImageMagick Engine WordPress plugin before 1.7.11 is vulnerable to OS Command Injection via the "cli_path" parameter. This allows authenticated attackers with administrator-level permission to execute arbitrary OS commands on the server, leading to remote code execution.

PLUGIN ImageMagick Engine

CVE-2024-6486

HIGH CVSS 7.2 2025-05-15

Threat Entry Updated 2025-06-11

CVE-2024-6690 - wccp-pro Plugin

The wccp-pro WordPress plugin before 15.3 contains an open-redirect flaw via the referrer parameter, allowing redirection of users to external sites.

PLUGIN wccp-pro

CVE-2024-6690

MEDIUM CVSS 6.1 2025-05-15