
Threat Database

Showing 2481-2500 of 3046 records
Threat Entry Updated 2024-11-21

CVE-2023-2237 - Wp Replicate Post Plugin

The WP Replicate Post plugin for WordPress is vulnerable to SQL Injection via the post_id parameter in versions up to, and including, 4.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for contributor-level attackers or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

PLUGIN Wp Replicate Post

CVE-2023-2237

HIGH CVSS 8.8 2023-06-09
Threat Entry Updated 2024-11-21

CVE-2023-1888 - Directorist Plugin

The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due to a lack of validation checks within login.php. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset the password of an arbitrary user and gain elevated (e.g., administrator) privileges.

PLUGIN Directorist

CVE-2023-1888

HIGH CVSS 8.8 2023-06-09
Threat Entry Updated 2024-11-25

CVE-2023-1895 - Getwid Plugin

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

PLUGIN Getwid

CVE-2023-1895

HIGH CVSS 8.5 2023-06-09
Threat Entry Updated 2024-11-21

CVE-2023-1615 - Ultimate Addons For Contact Form 7 Plugin

The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in versions up to, and including, 3.1.23. This makes it possible for authenticated attackers of any authorization level to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

PLUGIN Ultimate Addons For Contact Form 7

CVE-2023-1615

HIGH CVSS 8.8 2023-06-09
Threat Entry Updated 2024-11-21

CVE-2023-0992 - Shield Security Plugin

The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Shield Security

CVE-2023-0992

HIGH CVSS 7.2 2023-06-09
Threat Entry Updated 2024-11-21

CVE-2023-0721 - Metform Elementor Contact Form Builder Plugin

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.

PLUGIN Metform Elementor Contact Form Builder

CVE-2023-0721

HIGH CVSS 8.3 2023-06-09
Threat Entry Updated 2024-11-21

CVE-2023-0291 - Quiz And Survey Master Plugin

The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrary media files.

PLUGIN Quiz And Survey Master

CVE-2023-0291

HIGH CVSS 7.2 2023-06-09
Threat Entry Updated 2026-04-08

CVE-2021-4337 - Add Product Tabs Plugin

Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to read, edit, or delete WordPress settings, plugin settings, and to arbitrarily list all users on a WordPress website. The plugins impacted are: Product Filter for WooCommerce < 8.2.0, Improved Product Options for WooCommerce < 5.3.0, Improved Sale Badges for WooCommerce < 4.4.0, Share, Print and PDF Products for WooCommerce < 2.8.0,…

PLUGIN Add Product Tabs

CVE-2021-4337

HIGH CVSS 8.8 2023-06-07
Threat Entry Updated 2024-11-21

CVE-2023-3124 - Elementor Pro Plugin

The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update arbitrary site options, which can lead to privilege escalation.

PLUGIN Elementor Pro

CVE-2023-3124

HIGH CVSS 8.8 2023-06-07
Threat Entry Updated 2026-04-08

CVE-2021-4382 - Recently Plugin

The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetch_external_image() function in versions up to, and including, 3.0.4. This makes it possible for authenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN Recently

CVE-2021-4382

HIGH CVSS 8.8 2023-06-07
Threat Entry Updated 2026-04-08

CVE-2021-4373 - Better Search Plugin

The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to import settings via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Better Search

CVE-2021-4373

HIGH CVSS 8.8 2023-06-07
Threat Entry Updated 2026-04-08

CVE-2021-4383 - Wp Quick Frontend Editor Plugin

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5. This is due to missing capability checks in the plugin's page-editing functionality. This makes it possible for low-authenticated attackers, such as subscribers, to edit/create any page or post on the blog.

PLUGIN Wp Quick Frontend Editor

CVE-2021-4383

HIGH CVSS 8.1 2023-06-07
Threat Entry Updated 2026-04-08

CVE-2021-4361 - Jobsearch Wp Job Board Plugin

The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_job_integrations_settin_save AJAX action in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to update arbitrary options on the site.

PLUGIN Jobsearch Wp Job Board

CVE-2021-4361

HIGH CVSS 8.8 2023-06-07
Threat Entry Updated 2026-04-08

CVE-2021-4365 - Frontend File Manager Plugin

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to, and including, 18.2. This is due to a lack of authentication protections and sanitization on the wpfm_edit_file_title_desc AJAX action. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Frontend File Manager

CVE-2021-4365

HIGH CVSS 7.2 2023-06-07
Threat Entry Updated 2026-04-08

CVE-2021-4358 - Wp Dsgvo Tools Plugin

The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.1.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Wp Dsgvo Tools

CVE-2021-4358

HIGH CVSS 7.2 2023-06-07
Threat Entry Updated 2026-04-08

CVE-2021-4354 - Pwa For Wp Amp Plugin

The PWA for WP & AMP plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.

PLUGIN Pwa For Wp Amp

CVE-2021-4354

HIGH CVSS 8.8 2023-06-07
Threat Entry Updated 2026-04-08

CVE-2021-4349 - Process Steps Template Designer Plugin

The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to conduct unspecified attacks via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Process Steps Template Designer

CVE-2021-4349

HIGH CVSS 8.8 2023-06-07
Threat Entry Updated 2026-04-08

CVE-2021-4355 - Welcart E Commerce Plugin

The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() functions called via admin_init hooks in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to download lists of members, products and orders.

PLUGIN Welcart E Commerce

CVE-2021-4355

HIGH CVSS 7.5 2023-06-07
Threat Entry Updated 2026-04-08

CVE-2021-4348 - Ultimate Gdpr Ccpa Compliance Toolkit Plugin

The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthenticated settings import and export via the export_settings & import_settings functions in versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to change plugin settings and conduct attacks such as redirecting visitors to malicious sites.

PLUGIN Ultimate Gdpr Ccpa Compliance Toolkit

CVE-2021-4348

HIGH CVSS 7.5 2023-06-07
Threat Entry Updated 2026-04-08

CVE-2021-4339 - Ulisting Plugin

The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file on the /1/api/ulisting-user/search REST-API route in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to retrieve the list of all users and their email address in the database.

PLUGIN Ulisting

CVE-2021-4339

HIGH CVSS 7.5 2023-06-07