Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 3,045
Critical: 0
High: 3,045
Medium: 0
Showing 2241-2260 of 3045 records
Threat Entry Updated 2025-06-03

CVE-2023-6528 - Slider Revolution Plugin

The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution.

PLUGIN Slider Revolution

CVE-2023-6528

HIGH CVSS 8.8 2024-01-08
Threat Entry Updated 2024-11-21

CVE-2023-6140 - Essential Real Estate Plugin

The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution.

PLUGIN Essential Real Estate

CVE-2023-6140

HIGH CVSS 8.8 2024-01-08
Threat Entry Updated 2024-11-21

CVE-2023-6750 - Before 2 Plugin

The Clone WordPress plugin before 2.4.3 uses buffer files to store in-progress backup information, which is stored at a publicly accessible, statically defined file path.

PLUGIN Before 2

CVE-2023-6750

HIGH CVSS 7.5 2024-01-08
Threat Entry Updated 2025-06-18

CVE-2023-6505 - Before 1 Plugin

The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files.

PLUGIN Before 1

CVE-2023-6505

HIGH CVSS 7.5 2024-01-08
Threat Entry Updated 2025-04-17

CVE-2023-6383 - Debug Log Manager Plugin

The Debug Log Manager WordPress plugin before 2.3.0 contains a directory listing vulnerability, which allows downloading the debug log without authorization and gaining access to sensitive data.

PLUGIN Debug Log Manager

CVE-2023-6383

HIGH CVSS 7.5 2024-01-08
Threat Entry Updated 2025-06-11

CVE-2023-5235 - Ovic Responsive Wpbakery Plugin

The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'users_can_register' and 'default_role'. It also unserializes user input in the process, which may lead to Object Injection attacks.

PLUGIN Ovic Responsive Wpbakery

CVE-2023-5235

HIGH CVSS 8.8 2024-01-08
Threat Entry Updated 2025-06-18

CVE-2023-5957 - Ni Purchase Order Po For Woocommerce Plugin

The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing a high-privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell.

PLUGIN Ni Purchase Order Po For Woocommerce

CVE-2023-5957

HIGH CVSS 7.2 2024-01-08
Threat Entry Updated 2025-06-03

CVE-2023-6600 - Omgf Plugin

The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings() function hooked via admin_init in all versions up to, and including, 5.7.9. This makes it possible for unauthenticated attackers to update the plugin's settings which can be used to inject Cross-Site Scripting payloads and delete entire directories. Please note there were several attempted patches, and we consider 5.7.10 to be the most sufficiently patched.

PLUGIN Omgf

CVE-2023-6600

HIGH CVSS 8.6 2024-01-03
Threat Entry Updated 2024-11-21

CVE-2023-7027 - Post Smtp Plugin

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ header in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Post Smtp

CVE-2023-7027

HIGH CVSS 7.2 2024-01-03
Threat Entry Updated 2025-06-11

CVE-2023-6271 - Backup Migration Plugin

The Backup Migration WordPress plugin before 1.3.6 stores in-progress backup information in easy-to-find, publicly accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups.

PLUGIN Backup Migration

CVE-2023-6271

HIGH CVSS 7.5 2024-01-01
Threat Entry Updated 2025-06-18

CVE-2023-6113 - Wp Staging Plugin

The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backup processes, allowing unauthenticated attackers to download said backups later.

PLUGIN Wp Staging

CVE-2023-6113

HIGH CVSS 7.5 2024-01-01
Threat Entry Updated 2024-11-21

CVE-2023-51547 - Fluent Support Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPManageNinja LLC Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin. This issue affects Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin: from n/a through 1.7.6.

PLUGIN Fluent Support

CVE-2023-51547

HIGH CVSS 7.6 2023-12-31
Threat Entry Updated 2024-11-21

CVE-2023-52134 - Geo My Wordpress Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eyal Fitoussi GEO my WordPress. This issue affects GEO my WordPress: from n/a through 4.0.2.

PLUGIN Geo My Wordpress

CVE-2023-52134

HIGH CVSS 7.6 2023-12-31
Threat Entry Updated 2024-11-21

CVE-2023-50893 - Impreza Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution Impreza – WordPress Website and WooCommerce Builder allows Reflected XSS. This issue affects Impreza – WordPress Website and WooCommerce Builder: from n/a through 8.17.4.

PLUGIN Impreza

CVE-2023-50893

HIGH CVSS 7.1 2023-12-29
Threat Entry Updated 2024-11-21

CVE-2023-50892 - Allows Reflected Xss Theme

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS. This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: from n/a through 5.9.1.

THEME Allows Reflected Xss

CVE-2023-50892

HIGH CVSS 7.1 2023-12-29
Threat Entry Updated 2024-11-21

CVE-2023-52135 - Ws Form Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WS Form WS Form LITE – Drag & Drop Contact Form Builder for WordPress. This issue affects WS Form LITE – Drag & Drop Contact Form Builder for WordPress: from n/a through 1.9.170.

PLUGIN Ws Form

CVE-2023-52135

HIGH CVSS 7.6 2023-12-29
Threat Entry Updated 2024-11-21

CVE-2023-50845 - Geodirectory Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory – WordPress Business Directory Plugin, or Classified Directory. This issue affects GeoDirectory – WordPress Business Directory Plugin, or Classified Directory: from n/a through 2.3.28.

PLUGIN Geodirectory

CVE-2023-50845

HIGH CVSS 7.6 2023-12-28
Threat Entry Updated 2024-11-21

CVE-2023-50849 - E2pdf Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress. This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.23.

PLUGIN E2pdf

CVE-2023-50849

HIGH CVSS 7.6 2023-12-28