Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

CVE-2023-5438 - Wp Image Slideshow Plugin (entry updated 2024-11-21)
Plugin: Wp Image Slideshow | Severity: HIGH | CVSS: 8.8 | Published: 2023-10-31

The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2023-5437 - Wp Fade In Text News Plugin (entry updated 2024-11-21)
Plugin: Wp Fade In Text News | Severity: HIGH | CVSS: 8.8 | Published: 2023-10-31

The WP fade in text news plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2023-5436 - Vertical Marquee Plugin (entry updated 2024-11-21)
Plugin: Vertical Marquee | Severity: HIGH | CVSS: 8.8 | Published: 2023-10-31

The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2023-5435 - Up Down Image Slideshow Gallery Plugin (entry updated 2024-11-21)
Plugin: Up Down Image Slideshow Gallery | Severity: HIGH | CVSS: 8.8 | Published: 2023-10-31

The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2023-5434 - Superb Slideshow Gallery Plugin (entry updated 2024-11-21)
Plugin: Superb Slideshow Gallery | Severity: HIGH | CVSS: 8.8 | Published: 2023-10-31

The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2023-5433 - Message Ticker Plugin (entry updated 2024-11-21)
Plugin: Message Ticker | Severity: HIGH | CVSS: 8.8 | Published: 2023-10-31

The Message ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2023-5431 - Left Right Image Slideshow Gallery Plugin (entry updated 2024-11-21)
Plugin: Left Right Image Slideshow Gallery | Severity: HIGH | CVSS: 8.8 | Published: 2023-10-31

The Left right image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2023-5430 - Jquery News Ticker Plugin (entry updated 2024-11-21)
Plugin: Jquery News Ticker | Severity: HIGH | CVSS: 8.8 | Published: 2023-10-31

The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2023-5429 - Information Reel Plugin (entry updated 2024-11-21)
Plugin: Information Reel | Severity: HIGH | CVSS: 8.8 | Published: 2023-10-31

The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2023-5428 - Image Vertical Reel Scroll Slideshow Plugin (entry updated 2024-11-21)
Plugin: Image Vertical Reel Scroll Slideshow | Severity: HIGH | CVSS: 8.8 | Published: 2023-10-31

The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2023-5412 - Image Horizontal Reel Scroll Slideshow Plugin (entry updated 2024-11-21)
Plugin: Image Horizontal Reel Scroll Slideshow | Severity: HIGH | CVSS: 8.8 | Published: 2023-10-31

The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2023-5583 - Wp Simple Galleries Plugin (entry updated 2024-11-21)
Plugin: Wp Simple Galleries | Severity: HIGH | CVSS: 8.8 | Published: 2023-10-30

The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the 'wpsimplegallery_gallery' post meta via 'wpsgallery' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
CVE-2023-5315 - Google Maps Made Simple Plugin (entry updated 2024-11-21)
Plugin: Google Maps Made Simple | Severity: HIGH | CVSS: 8.8 | Published: 2023-10-30

The Google Maps made Simple plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2023-5426 - Post Meta Data Manager Plugin (entry updated 2024-11-21)
Plugin: Post Meta Data Manager | Severity: HIGH | CVSS: 7.5 | Published: 2023-10-28

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta functions in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to delete user, term, and post meta belonging to arbitrary users.
CVE-2023-5425 - Post Meta Data Manager Plugin (entry updated 2024-11-21)
Plugin: Post Meta Data Manager | Severity: HIGH | CVSS: 8.8 | Published: 2023-10-28

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta functions in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain elevated (e.g., administrator) privileges.
CVE-2023-5798 - Assistant Plugin (entry updated 2025-04-23)
Plugin: Assistant | Severity: HIGH | CVSS: 8.8 | Published: 2023-10-26

The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wp_remote_get(), which could allow users with a role as low as Editor to perform SSRF attacks.
CVE-2023-5311 - Wp Extra Plugin (entry updated 2024-11-21)
Plugin: Wp Extra | Severity: HIGH | CVSS: 8.8 | Published: 2023-10-25

The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the contents of the .htaccess files located in a site's root directory or /wp-content and /wp-includes folders and achieve remote code execution.
CVE-2023-5132 - Soisy Pagamento Rateale Plugin (entry updated 2024-11-21)
Plugin: Soisy Pagamento Rateale | Severity: HIGH | CVSS: 7.5 | Published: 2023-10-21

The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerce Order ID to expose sensitive WooCommerce order information (e.g., Name, Address, Email Address, and other order metadata).
CVE-2023-4999 - Horizontal Scrolling Announcement Plugin (entry updated 2024-11-21)
Plugin: Horizontal Scrolling Announcement | Severity: HIGH | CVSS: 8.8 | Published: 2023-10-20

The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin's [horizontal-scrolling] shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2023-4386 - Essential Blocks Plugin (entry updated 2024-11-21)
Plugin: Essential Blocks | Severity: HIGH | CVSS: 8.1 | Published: 2023-10-20

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.