Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total14,273
Critical855
High2,814
Medium10,408
Reset
Showing 5521-5540 of 14273 records
Threat Entry Updated 2025-05-23

CVE-2024-13733 - Skt Blocks Plugin

The SKT Blocks – Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's skt-blocks/post-carousel block in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Skt Blocks

CVE-2024-13733

MEDIUM CVSS 6.4 2025-02-04
Open Full Technical Breakdown
Threat Entry Updated 2025-02-04

CVE-2024-13510 - Shopsite Plugin

The ShopSite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.10. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Shopsite

CVE-2024-13510

MEDIUM CVSS 6.1 2025-02-04
Open Full Technical Breakdown
Threat Entry Updated 2025-05-23

CVE-2024-13356 - Dsgvo All In One For Wp Plugin

The DSGVO All in one for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6. This is due to missing or incorrect nonce validation in the user_remove_form.php file. This makes it possible for unauthenticated attackers to delete admin user accounts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Dsgvo All In One For Wp

CVE-2024-13356

MEDIUM CVSS 6.5 2025-02-04
Open Full Technical Breakdown
Threat Entry Updated 2025-08-12

CVE-2024-13403 - Wpforms Plugin

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fieldHTML’ parameter in all versions up to, and including, 1.9.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Wpforms

CVE-2024-13403

MEDIUM CVSS 6.4 2025-02-04
Open Full Technical Breakdown
Threat Entry Updated 2025-02-04

CVE-2024-13514 - B Slider Gutenberg Slider Block For Wp Plugin

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.5 via the 'bsb-slider' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private posts that they should not have access to.

PLUGIN B Slider Gutenberg Slider Block For Wp

CVE-2024-13514

MEDIUM CVSS 4.3 2025-02-04
Open Full Technical Breakdown
Threat Entry Updated 2025-02-04

CVE-2024-12046 - Medical Addon For Elementor Plugin

The Medical Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.2 via the 'namedical_elementor_template' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the content of draft, pending, and private posts.

PLUGIN Medical Addon For Elementor

CVE-2024-12046

MEDIUM CVSS 4.3 2025-02-04
Open Full Technical Breakdown
Threat Entry Updated 2025-02-05

CVE-2024-12597 - Ht Mega Plugin

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'block_css' and 'inner_css' parameters in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Ht Mega

CVE-2024-12597

MEDIUM CVSS 6.4 2025-02-04
Open Full Technical Breakdown
Threat Entry Updated 2025-02-04

CVE-2024-13607 - Js Support Ticket Plugin

The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the 'exportusereraserequest' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level permissions and above, to export ticket data for any user.

PLUGIN Js Support Ticket

CVE-2024-13607

MEDIUM CVSS 4.3 2025-02-04
Open Full Technical Breakdown
Threat Entry Updated 2025-05-07

CVE-2025-0368 - Banner Garden Plugin

The Banner Garden Plugin for WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users.

PLUGIN Banner Garden

CVE-2025-0368

MEDIUM CVSS 6.1 2025-02-04
Open Full Technical Breakdown
Threat Entry Updated 2025-09-30

CVE-2025-0466 - Before 4 Plugin

The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message Information.

PLUGIN Before 4

CVE-2025-0466

MEDIUM CVSS 5.3 2025-02-04
Open Full Technical Breakdown
Threat Entry Updated 2025-05-13

CVE-2024-13330 - Justrows Free Plugin

The JustRows free WordPress plugin through 0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Justrows Free

CVE-2024-13330

HIGH CVSS 7.1 2025-02-04
Open Full Technical Breakdown
Threat Entry Updated 2025-05-07

CVE-2024-13329 - Solidres Plugin

The Solidres WordPress plugin through 0.9.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Solidres

CVE-2024-13329

HIGH CVSS 7.1 2025-02-04
Open Full Technical Breakdown
Threat Entry Updated 2025-05-26

CVE-2024-13332 - Transfinanz Plugin

The TransFinanz WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Transfinanz

CVE-2024-13332

MEDIUM CVSS 6.1 2025-02-04
Open Full Technical Breakdown
Threat Entry Updated 2025-05-13

CVE-2024-13331 - Wp Dream Carousel Plugin

The WP Dream Carousel WordPress plugin through 1.0.1b does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Wp Dream Carousel

CVE-2024-13331

MEDIUM CVSS 6.1 2025-02-04
Open Full Technical Breakdown
Threat Entry Updated 2025-05-13

CVE-2024-13328 - Giga Messenger Plugin

The Giga Messenger WordPress plugin through 2.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Giga Messenger

CVE-2024-13328

MEDIUM CVSS 6.1 2025-02-04
Open Full Technical Breakdown
Threat Entry Updated 2025-05-07

CVE-2024-13327 - Musicbox Plugin

The Musicbox WordPress plugin through 2.0.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Musicbox

CVE-2024-13327

MEDIUM CVSS 6.1 2025-02-04
Open Full Technical Breakdown
Threat Entry Updated 2025-05-07

CVE-2024-13326 - Ibuildapp Plugin

The iBuildApp WordPress plugin through 0.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Ibuildapp

CVE-2024-13326

MEDIUM CVSS 6.1 2025-02-04
Open Full Technical Breakdown
Threat Entry Updated 2025-07-25

CVE-2024-13325 - Glossy Plugin

The Glossy WordPress plugin through 2.3.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Glossy

CVE-2024-13325

MEDIUM CVSS 6.1 2025-02-04
Open Full Technical Breakdown
Threat Entry Updated 2025-05-07

CVE-2024-13115 - Wp Projects Portfolio With Client Testimonials Plugin

The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Wp Projects Portfolio With Client Testimonials

CVE-2024-13115

MEDIUM CVSS 6.1 2025-02-04
Open Full Technical Breakdown
Threat Entry Updated 2025-05-07

CVE-2024-13114 - Wp Projects Portfolio With Client Testimonials Plugin

The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Wp Projects Portfolio With Client Testimonials

CVE-2024-13114

MEDIUM CVSS 6.1 2025-02-04
Open Full Technical Breakdown
Scroll to top