
"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 3,046
Critical: 0
High: 3,046
Medium: 0
Showing 2281-2300 of 3046 records
Threat Entry Updated 2024-11-21

CVE-2023-30750 - Cm Popup Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress. This issue affects CM Popup Plugin for WordPress: from n/a through 1.5.10.

PLUGIN Cm Popup

CVE-2023-30750

HIGH CVSS 8.5 2023-12-20
Threat Entry Updated 2024-11-21

CVE-2023-49825 - Soledad Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.

PLUGIN Soledad

CVE-2023-49825

HIGH CVSS 8.5 2023-12-20
Threat Entry Updated 2024-11-21

CVE-2023-47236 - Ipages Flipbook Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Avirtum iPages Flipbook For WordPress. This issue affects iPages Flipbook For WordPress: from n/a through 1.4.8.

PLUGIN Ipages Flipbook

CVE-2023-47236

HIGH CVSS 7.6 2023-12-20
Threat Entry Updated 2024-11-21

CVE-2023-38519 - Mainwp Dashboard Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MainWP MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance. This issue affects MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3.

PLUGIN Mainwp Dashboard

CVE-2023-38519

HIGH CVSS 7.6 2023-12-20
Threat Entry Updated 2024-11-21

CVE-2023-48764 - Guardgiant Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GuardGiant Brute Force Protection WordPress Brute Force Protection – Stop Brute Force Attacks. This issue affects WordPress Brute Force Protection – Stop Brute Force Attacks: from n/a through 2.2.5.

PLUGIN Guardgiant

CVE-2023-48764

HIGH CVSS 7.6 2023-12-19
Threat Entry Updated 2024-11-21

CVE-2023-6295 - Siteorigin Widgets Bundle Plugin

The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites.

PLUGIN Siteorigin Widgets Bundle

CVE-2023-6295

HIGH CVSS 7.2 2023-12-18
Threat Entry Updated 2024-11-21

CVE-2023-5886 - Wp All Export Pro Plugin

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0 and the WP All Export Pro WordPress plugin before 1.8.6 do not check nonce tokens early enough in the request lifecycle, allowing attackers with the ability to upload files to make logged-in users perform unwanted actions leading to PHAR deserialization, which may lead to remote code execution.

PLUGIN Wp All Export Pro

CVE-2023-5886

HIGH CVSS 8.8 2023-12-18
Threat Entry Updated 2024-11-21

CVE-2023-5882 - Wp All Export Pro Plugin

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0 and the WP All Export Pro WordPress plugin before 1.8.6 do not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged-in users perform unwanted actions leading to remote code execution.

PLUGIN Wp All Export Pro

CVE-2023-5882

HIGH CVSS 8.8 2023-12-18
Threat Entry Updated 2024-11-21

CVE-2023-4311 - Vrm360 Plugin

The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode.

PLUGIN Vrm360

CVE-2023-4311

HIGH CVSS 8.8 2023-12-18
Threat Entry Updated 2025-05-20

CVE-2023-4724 - Wp All Export Pro Plugin

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0 and the WP All Export Pro WordPress plugin before 1.8.6 do not validate and sanitise the `wp_query` parameter, which allows an attacker to run arbitrary commands on the remote server.

PLUGIN Wp All Export Pro

CVE-2023-4724

HIGH CVSS 7.2 2023-12-18
Threat Entry Updated 2024-11-21

CVE-2023-6559 - Mw Wp Form Plugin

The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.

PLUGIN Mw Wp Form

CVE-2023-6559

HIGH CVSS 7.5 2023-12-16
Threat Entry Updated 2024-11-21

CVE-2023-49187 - Adifier Theme

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spoonthemes Adifier - Classified Ads WordPress Theme allows Reflected XSS. This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4.

THEME Adifier

CVE-2023-49187

HIGH CVSS 7.1 2023-12-15
Threat Entry Updated 2024-11-21

CVE-2023-49170 - Captainform Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captainform Forms by CaptainForm – Form Builder for WordPress allows Reflected XSS. This issue affects Forms by CaptainForm – Form Builder for WordPress: from n/a through 2.5.3.

PLUGIN Captainform

CVE-2023-49170

HIGH CVSS 7.1 2023-12-15
Threat Entry Updated 2024-11-21

CVE-2023-6827 - Essential Real Estate Plugin

The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'ajaxUploadFonts' function in versions up to, and including, 4.3.5. This makes it possible for authenticated attackers with subscriber-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN Essential Real Estate

CVE-2023-6827

HIGH CVSS 7.5 2023-12-15
Threat Entry Updated 2024-11-21

CVE-2023-6826 - E2pdf Plugin

The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin, to upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN E2pdf

CVE-2023-6826

HIGH CVSS 7.2 2023-12-15
Threat Entry Updated 2024-11-21

CVE-2023-49827 - Soledad Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme allows Reflected XSS. This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.

PLUGIN Soledad

CVE-2023-49827

HIGH CVSS 7.1 2023-12-14
Threat Entry Updated 2024-11-21

CVE-2023-6035 - EazyDocs Plugin

The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize and escape the "data" parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated user, such as a subscriber, to perform SQL Injection attacks.

PLUGIN EazyDocs

CVE-2023-6035

HIGH CVSS 8.8 2023-12-11