Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total 3,046 | Critical 0 | High 3,046 | Medium 0
Showing 2581-2600 of 3046 records
Threat Entry Updated 2024-11-21

CVE-2023-0159 - Extensive Vc Addons For Wpbakery Page Builder Plugin

The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the PHP extract function when loading templates, allowing an unauthenticated attacker to override the template path and read arbitrary files from the host's file system. This may be escalated to RCE using PHP filter chains.

PLUGIN Extensive Vc Addons For Wpbakery Page Builder

CVE-2023-0159

HIGH CVSS 7.5 2023-02-13
Threat Entry Updated 2025-03-25

CVE-2023-0234 - Siteground Security Plugin

The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue.

PLUGIN Siteground Security

CVE-2023-0234

HIGH CVSS 8.8 2023-02-06
Threat Entry Updated 2024-11-21

CVE-2023-0558 - Contentstudio Plugin

The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an insecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys.

PLUGIN Contentstudio

CVE-2023-0558

HIGH CVSS 8.2 2023-01-27
Threat Entry Updated 2024-11-21

CVE-2023-0557 - Contentstudio Plugin

The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5. This could allow unauthenticated attackers to obtain a nonce needed for the creation of posts.

PLUGIN Contentstudio

CVE-2023-0557

HIGH CVSS 7.5 2023-01-27
Threat Entry Updated 2024-11-21

CVE-2023-0555 - Quick Restaurant Menu Plugin

The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those actions intended for administrator use. Actions include menu item creation, update and deletion and other menu management functions. Since the plugin does not verify that a post ID passed to one of its AJAX actions belongs to a menu item, this can lead to arbitrary post…

PLUGIN Quick Restaurant Menu

CVE-2023-0555

HIGH CVSS 7.6 2023-01-27
Threat Entry Updated 2024-11-21

CVE-2023-0554 - Quick Restaurant Menu Plugin

The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Quick Restaurant Menu

CVE-2023-0554

HIGH CVSS 7.6 2023-01-27
Threat Entry Updated 2024-11-21

CVE-2023-0550 - Quick Restaurant Menu Plugin

The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu item. This makes it possible for authenticated attackers, with subscriber-level access or higher, to modify or delete arbitrary posts.

PLUGIN Quick Restaurant Menu

CVE-2023-0550

HIGH CVSS 7.6 2023-01-27
Threat Entry Updated 2025-04-02

CVE-2021-24881 - Passster Plugin

The Passster WordPress plugin before 3.5.5.9 does not properly check the password, nor that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin and access the content of arbitrary posts (such as private ones) by sending a specifically crafted request.

PLUGIN Passster

CVE-2021-24881

HIGH CVSS 7.5 2023-01-23
Threat Entry Updated 2025-04-03

CVE-2023-23490 - Survey Maker Plugin

The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action.

PLUGIN Survey Maker

CVE-2023-23490

HIGH CVSS 8.8 2023-01-20
Threat Entry Updated 2024-11-21

CVE-2023-0294 - Mediamatic Plugin

The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on its AJAX actions function. This makes it possible for unauthenticated attackers to change image categories used by the plugin via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Mediamatic

CVE-2023-0294

HIGH CVSS 8.8 2023-01-13
Threat Entry Updated 2024-11-21

CVE-2023-0254 - Simple Membership Wp User Import Plugin

The Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter. This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

PLUGIN Simple Membership Wp User Import

CVE-2023-0254

HIGH CVSS 7.2 2023-01-12
Threat Entry Updated 2024-11-21

CVE-2023-0088 - Swifty Page Manager Plugin

The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on several AJAX actions handling page creation and deletion, among other things. This makes it possible for unauthenticated attackers to invoke those functions via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Swifty Page Manager

CVE-2023-0088

HIGH CVSS 8.8 2023-01-05
Threat Entry Updated 2024-11-21

CVE-2023-0038 - Survey Maker Plugin

The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts when submitting quizzes that will execute whenever a user accesses the submissions page.

PLUGIN Survey Maker

CVE-2023-0038

HIGH CVSS 7.2 2023-01-03
Threat Entry Updated 2025-04-14

CVE-2021-24942 - Menu Item Visibility Control Plugin

The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment.

PLUGIN Menu Item Visibility Control

CVE-2021-24942

HIGH CVSS 7.2 2022-12-26
Threat Entry Updated 2024-11-21

CVE-2022-3852 - Vr Calendar Sync Plugin

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete and modify calendars as well as the plugin settings via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Vr Calendar Sync

CVE-2022-3852

HIGH CVSS 8.8 2022-11-03
Threat Entry Updated 2024-11-21

CVE-2022-3776 - Restaurant Menu – Food Ordering System – Table Reservation Plugin

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions such as forms_action, set_option, and chosen_options, to name a few. This makes it possible for unauthenticated attackers to perform a variety of administrative actions, like modifying forms, via a forged request, provided they can trick a site administrator into performing an action such as clicking on a…

PLUGIN Restaurant Menu – Food Ordering System – Table Reservation

CVE-2022-3776

HIGH CVSS 8.8 2022-11-03
Threat Entry Updated 2025-05-06

CVE-2022-3357 - Smart Slider 3 Plugin

The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user imports (intentionally or not) a malicious file and a suitable gadget chain is present on the site.

PLUGIN Smart Slider 3

CVE-2022-3357

HIGH CVSS 8.8 2022-10-31
Threat Entry Updated 2025-05-06

CVE-2022-3360 - LearnPress Plugin

The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leading to remote code execution (RCE). To successfully exploit this vulnerability, attackers must have knowledge of the site secrets, allowing them to generate a valid hash via the wp_hash() function.

PLUGIN LearnPress

CVE-2022-3360

HIGH CVSS 8.1 2022-10-31
Threat Entry Updated 2025-05-06

CVE-2022-3380 - Customizer Export/Import Plugin

The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.

PLUGIN Customizer Export/Import

CVE-2022-3380

HIGH CVSS 7.2 2022-10-31