Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total14,273
Critical855
High2,814
Medium10,408
Reset
Showing 4401-4420 of 14273 records
Threat Entry Updated 2025-11-13

CVE-2024-0249 - Advanced Schedule Posts Plugin

The Advanced Schedule Posts WordPress plugin through 2.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins.

PLUGIN Advanced Schedule Posts

CVE-2024-0249

HIGH CVSS 7.1 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-11-13

CVE-2023-7297 - Through 1 Plugin

The TwitterPosts WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

PLUGIN Through 1

CVE-2023-7297

LOW CVSS 3.5 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-09

CVE-2023-7239 - Wp Dashboard Notes Plugin

The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the post_id parameter in its wpdn_update_note AJAX action. This allows users with a role of contributor and above to update notes created by other users.

PLUGIN Wp Dashboard Notes

CVE-2023-7239

HIGH CVSS 7.5 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-11

CVE-2023-7197 - Marketing Twitter Bot Plugin

The Marketing Twitter Bot WordPress plugin through 1.11 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

PLUGIN Marketing Twitter Bot

CVE-2023-7197

HIGH CVSS 7.1 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-11

CVE-2023-7174 - Abitgone Commentsafe Plugin

The aBitGone CommentSafe WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Abitgone Commentsafe

CVE-2023-7174

HIGH CVSS 7.1 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-05-27

CVE-2023-7230 - Through 1 Plugin

The illi Link Party! WordPress plugin through 1.0 does not sanitize and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-7230

MEDIUM CVSS 6.1 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-05-28

CVE-2023-7228 - Through 1 Plugin

The illi Link Party! WordPress plugin through 1.0 does not sanitise and escape some parameters, which could allow unauthenticated vistors to perform Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-7228

MEDIUM CVSS 6.1 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-05-27

CVE-2023-7229 - Through 1 Plugin

The illi Link Party! WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

PLUGIN Through 1

CVE-2023-7229

MEDIUM CVSS 5.5 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-12

CVE-2023-7088 - Through 1 Plugin

The Add SVG Support for Media Uploader | inventivo WordPress plugin through 1.0.5 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

PLUGIN Through 1

CVE-2023-7088

MEDIUM CVSS 5.4 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-09

CVE-2023-7168 - Better Follow Button For Jetpack Plugin

The Better Follow Button for Jetpack WordPress plugin through 8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Better Follow Button For Jetpack

CVE-2023-7168

MEDIUM CVSS 4.8 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-11

CVE-2023-7196 - Ultimate Noindex Nofollow Tool Plugin

The Ultimate Noindex Nofollow Tool WordPress plugin through 1.1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

PLUGIN Ultimate Noindex Nofollow Tool

CVE-2023-7196

MEDIUM CVSS 4.3 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-11

CVE-2023-7195 - Wp Reply Notify Plugin

The WP-Reply Notify WordPress plugin through 1.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN Wp Reply Notify

CVE-2023-7195

MEDIUM CVSS 4.3 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-11

CVE-2023-6541 - Allow Svg Plugin

The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

PLUGIN Allow Svg

CVE-2023-6541

MEDIUM CVSS 6.1 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-12

CVE-2023-7086 - Svg Uploads Support Plugin

The SVG Uploads Support WordPress plugin through 2.1.1 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

PLUGIN Svg Uploads Support

CVE-2023-7086

MEDIUM CVSS 5.4 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-11

CVE-2023-6783 - Wolfnet Idx For Plugin

The WolfNet IDX for WordPress plugin through 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Wolfnet Idx For

CVE-2023-6783

MEDIUM CVSS 4.8 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-04

CVE-2023-5934 - All Travel Brands In One Place Plugin

The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have CSRF check in place when importing settings from the v1, which could allow attackers to make a logged in admin update some settings via a CSRF attack

PLUGIN All Travel Brands In One Place

CVE-2023-5934

HIGH CVSS 7.3 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-11

CVE-2023-6030 - Logdash Activity Log Plugin

The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wp_login_failed function (from src/Hooks/Users.php) in order to log failed login attempts to the database but it doesn't escape the username when it perform some SQL request leading to a SQL injection vulnerability which can be exploited using time-based technique by unauthenticated attacker

PLUGIN Logdash Activity Log

CVE-2023-6030

MEDIUM CVSS 5.4 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-04

CVE-2023-5932 - All Travel Brands In One Place Plugin

The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN All Travel Brands In One Place

CVE-2023-5932

MEDIUM CVSS 4.8 2025-05-15
Open Full Technical Breakdown
Scroll to top