Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total14,273
Critical855
High2,814
Medium10,408
Reset
Showing 5681-5700 of 14273 records
Threat Entry Updated 2025-05-24

CVE-2024-12723 - Infility Global Plugin

The Infility Global WordPress plugin through 2.9.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Infility Global

CVE-2024-12723

MEDIUM CVSS 6.1 2025-01-28
Open Full Technical Breakdown
Threat Entry Updated 2025-05-11

CVE-2024-12807 - Social Share Buttons Plugin

The Social Share Buttons for WordPress plugin through 2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Social Share Buttons

CVE-2024-12807

MEDIUM CVSS 4.8 2025-01-28
Open Full Technical Breakdown
Threat Entry Updated 2025-03-05

CVE-2024-11135 - Eventer Plugin

The Eventer plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'eventer_get_attendees' function in all versions up to, and including, 3.9.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

PLUGIN Eventer

CVE-2024-11135

HIGH CVSS 7.5 2025-01-28
Open Full Technical Breakdown
Threat Entry Updated 2025-05-07

CVE-2024-13094 - Wp Triggers Lite Plugin

The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Wp Triggers Lite

CVE-2024-13094

HIGH CVSS 7.1 2025-01-27
Open Full Technical Breakdown
Threat Entry Updated 2025-05-07

CVE-2024-13057 - Dyn Business Panel Plugin

The Dyn Business Panel WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Dyn Business Panel

CVE-2024-13057

HIGH CVSS 7.1 2025-01-27
Open Full Technical Breakdown
Threat Entry Updated 2025-05-07

CVE-2024-13056 - Dyn Business Panel Plugin

The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Dyn Business Panel

CVE-2024-13056

HIGH CVSS 7.1 2025-01-27
Open Full Technical Breakdown
Threat Entry Updated 2025-05-07

CVE-2024-13055 - Dyn Business Panel Plugin

The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Dyn Business Panel

CVE-2024-13055

HIGH CVSS 7.1 2025-01-27
Open Full Technical Breakdown
Threat Entry Updated 2025-05-13

CVE-2024-13117 - Share Buttons Plugin

The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded

PLUGIN Share Buttons

CVE-2024-13117

MEDIUM CVSS 6.5 2025-01-27
Open Full Technical Breakdown
Threat Entry Updated 2025-05-05

CVE-2024-13095 - Wp Triggers Lite Plugin

The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

PLUGIN Wp Triggers Lite

CVE-2024-13095

MEDIUM CVSS 4.8 2025-01-27
Open Full Technical Breakdown
Threat Entry Updated 2025-05-13

CVE-2024-13116 - Crelly Slider Plugin

The Crelly Slider WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Crelly Slider

CVE-2024-13116

LOW CVSS 3.8 2025-01-27
Open Full Technical Breakdown
Threat Entry Updated 2025-05-07

CVE-2024-12773 - Altra Side Menu Plugin

The Altra Side Menu WordPress plugin through 2.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

PLUGIN Altra Side Menu

CVE-2024-12773

HIGH CVSS 7.2 2025-01-27
Open Full Technical Breakdown
Threat Entry Updated 2025-05-13

CVE-2024-13052 - Dental Optimizer Patient Generator App Plugin

The Dental Optimizer Patient Generator App WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Dental Optimizer Patient Generator App

CVE-2024-13052

HIGH CVSS 7.1 2025-01-27
Open Full Technical Breakdown
Threat Entry Updated 2025-05-13

CVE-2024-12321 - Wc Affiliate Plugin

The WC Affiliate WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Wc Affiliate

CVE-2024-12321

HIGH CVSS 7.1 2025-01-27
Open Full Technical Breakdown
Threat Entry Updated 2026-01-09

CVE-2024-12774 - Altra Side Menu Plugin

The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack

PLUGIN Altra Side Menu

CVE-2024-12774

MEDIUM CVSS 6.5 2025-01-27
Open Full Technical Breakdown
Threat Entry Updated 2025-05-08

CVE-2024-12436 - Wp Customer Area Plugin

The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

PLUGIN Wp Customer Area

CVE-2024-12436

MEDIUM CVSS 4.3 2025-01-27
Open Full Technical Breakdown
Threat Entry Updated 2025-05-08

CVE-2024-12280 - Wp Customer Area Plugin

The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF check in place when deleting its logs, which could allow attackers to make a logged in to delete them via a CSRF attack

PLUGIN Wp Customer Area

CVE-2024-12280

MEDIUM CVSS 4.3 2025-01-27
Open Full Technical Breakdown
Threat Entry Updated 2025-02-04

CVE-2024-11936 - Zox News Plugin

The Zox News theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' and 'restore_options' function in all versions up to, and including, 3.16.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

PLUGIN Zox News

CVE-2024-11936

HIGH CVSS 8.8 2025-01-26
Open Full Technical Breakdown
Threat Entry Updated 2025-02-04

CVE-2024-12334 - Wc Affiliate Plugin

The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Wc Affiliate

CVE-2024-12334

MEDIUM CVSS 6.1 2025-01-26
Open Full Technical Breakdown
Threat Entry Updated 2025-02-04

CVE-2024-13505 - Survey Maker Plugin

The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ays_sections[5][questions][8][title]’ parameter in all versions up to, and including, 5.1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

PLUGIN Survey Maker

CVE-2024-13505

MEDIUM CVSS 5.5 2025-01-26
Open Full Technical Breakdown
Threat Entry Updated 2025-02-04

CVE-2024-11641 - Vikbooking Hotel Booking Engine Pms Plugin

The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change plugin access privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Successful exploitation allows attackers with subscriber-level privileges and above to upload arbitrary files on the affected site's server which may…

PLUGIN Vikbooking Hotel Booking Engine Pms

CVE-2024-11641

HIGH CVSS 8.8 2025-01-26
Open Full Technical Breakdown
Scroll to top