
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Severity counts: Total 3,044 | Critical 0 | High 3,044 | Medium 0
Showing 1361-1380 of 3044 records
Threat Entry Updated 2025-03-11

CVE-2024-13899 - Mambo Joomla Importer Plugin

The Mambo Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input supplied in the $data parameter of the fImportMenu function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional…

PLUGIN Mambo Joomla Importer

CVE-2024-13899

HIGH CVSS 7.2 2025-02-22
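The pattern behind an object injection of this kind, shown as an added example rather than the Mambo Importer plugin's own code (its fImportMenu function is not reproduced here). The function, nonce and field names are hypothetical; the hardening steps are the standard ones for any WordPress import handler:

```php
<?php
// Added example, not the plugin's code. Names are hypothetical.

// Vulnerable: unserialize() on request data lets the caller instantiate any loaded
// class; its __wakeup()/__destruct() run, so every gadget (POP) chain shipped by
// any active plugin or theme becomes reachable from this one parameter.
function vulnerable_import_menu( $data ) {
    $menu = unserialize( $data );             // $data comes straight from the request
    return is_array( $menu ) ? $menu : array();
}

// Hardened: gate the action, switch to a data-only format, and keep only the
// fields the importer needs, each coerced to the expected type.
function hardened_import_menu( $data ) {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'mambo_import_menu' );   // hypothetical nonce action name

    $menu = json_decode( wp_unslash( $data ), true );   // arrays only, never objects
    if ( ! is_array( $menu ) ) {
        return array();
    }
    $clean = array();
    foreach ( $menu as $item ) {
        $clean[] = array(
            'title'  => sanitize_text_field( $item['title'] ?? '' ),
            'url'    => esc_url_raw( $item['url'] ?? '' ),
            'parent' => absint( $item['parent'] ?? 0 ),
        );
    }
    return $clean;
}

// If the legacy serialized format must still be accepted, forbid object
// instantiation: classes come back as __PHP_Incomplete_Class and no magic
// method runs (PHP >= 7.0).
function unserialize_data_only( $data ) {
    return unserialize( $data, array( 'allowed_classes' => false ) );
}
```

The advisory's caveat cuts both ways: an unserialize() of untrusted input is exploitable on the day any installed plugin or theme ships a usable gadget chain, so the fix is to stop deserializing, not to audit the site for chains.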
Threat Entry Updated 2025-02-25

CVE-2024-13353 - Responsive Addons For Elementor Plugin

The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.4 via several widgets. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be…

PLUGIN Responsive Addons For Elementor

CVE-2024-13353

HIGH CVSS 8.8 2025-02-21
Threat Entry Updated 2025-02-25

CVE-2024-11260 - Events Manager Plugin

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the active_status parameter in all versions up to, and including, 6.6.3 because the user-supplied parameter is not escaped and the existing SQL query is not prepared. This makes it possible for unauthenticated attackers to append additional SQL to the existing query; because the injection is blind and time-based, data is inferred from response delays rather than read from query output, but it can still be used to extract sensitive information from the database.

PLUGIN Events Manager

CVE-2024-11260

HIGH CVSS 7.5 2025-02-21
Threat Entry Updated 2025-07-07

CVE-2025-1039 - Lenix Leads Collector Plugin

The Lenix Elementor Leads addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a URL form field in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Lenix Leads Collector

CVE-2025-1039

HIGH CVSS 7.2 2025-02-20
Threat Entry Updated 2025-02-25

CVE-2024-13753 - Ultimate Classified Listings Plugin

The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the update_profile function. This makes it possible for unauthenticated attackers to change a victim's email address via a forged request, which might lead to account takeover, provided they can trick the user into performing an action such as clicking on a link.

PLUGIN Ultimate Classified Listings

CVE-2024-13753

HIGH CVSS 8.1 2025-02-20
Threat Entry Updated 2025-09-10

CVE-2024-13792 - Woocommerce Food Plugin

The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.2. This is because the plugin exposes an action that passes an insufficiently validated value to do_shortcode(). This makes it possible for unauthenticated attackers to execute arbitrary shortcodes registered on the site.

PLUGIN Woocommerce Food

CVE-2024-13792

HIGH CVSS 7.3 2025-02-20
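What "arbitrary shortcode execution" looks like in code, as an added example that is not the WooCommerce Food plugin's own implementation. The hook, shortcode and parameter names are hypothetical:

```php
<?php
// Added example, not the plugin's code. Hook and shortcode names are hypothetical.

// Vulnerable: a request value is handed to do_shortcode(). The shortcode parser
// will run any tag registered by any active plugin or theme, so an anonymous
// visitor can invoke shortcodes that were never meant for the public (ones that
// dump settings, list users, or act on data when rendered). The nopriv hook is
// what makes this reachable without logging in.
function vulnerable_render_menu_item() {
    echo do_shortcode( wp_unslash( $_POST['template'] ) );   // e.g. "[some_admin_shortcode]"
    wp_die();
}
add_action( 'wp_ajax_wcf_render_item',        'vulnerable_render_menu_item' );
add_action( 'wp_ajax_nopriv_wcf_render_item', 'vulnerable_render_menu_item' );

// Hardened: the request selects a key from a fixed map, attributes are coerced
// to their expected type, and the shortcode string is built server-side. The
// caller can no longer name a tag, only pick one of ours.
function hardened_render_menu_item() {
    $templates = array(
        'grid' => 'wcf_food_grid',
        'list' => 'wcf_food_list',
    );
    $key = sanitize_key( $_POST['template'] ?? '' );
    if ( ! isset( $templates[ $key ] ) ) {
        wp_send_json_error( 'unknown template', 400 );
    }
    $category = absint( $_POST['category'] ?? 0 );
    $shortcode = sprintf( '[%s category="%d"]', $templates[ $key ], $category );
    wp_send_json_success( do_shortcode( $shortcode ) );
}
add_action( 'wp_ajax_wcf_render_item',        'hardened_render_menu_item' );
add_action( 'wp_ajax_nopriv_wcf_render_item', 'hardened_render_menu_item' );
```

When reviewing a plugin for this class, grep for do_shortcode( and check whether any argument can be influenced by $_GET, $_POST or REST request parameters; the impact depends entirely on which other shortcodes the site has registered.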
Threat Entry Updated 2025-02-25

CVE-2024-13476 - Ltl Freight Quotes Plugin

The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to SQL Injection via the 'engtz_wd_save_dropship' AJAX endpoint in all versions up to, and including, 2.3.11 because the user-supplied parameter is not escaped and the existing SQL query is not prepared. This makes it possible for unauthenticated attackers to append additional SQL to the existing query, which can be used to extract sensitive information from the database.

PLUGIN Ltl Freight Quotes

CVE-2024-13476

HIGH CVSS 7.5 2025-02-20
Threat Entry Updated 2025-02-25

CVE-2024-13888 - Wpmobile App Plugin

The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 11.56. This is due to insufficient validation on the redirect URL supplied via the 'redirect' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

PLUGIN Wpmobile App

CVE-2024-13888

HIGH CVSS 7.2 2025-02-20
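The open-redirect pattern and its WordPress-native fix, as an added example that is not the WPMobile.App plugin's code. The 'redirect' parameter name is taken from the advisory; the function names are hypothetical:

```php
<?php
// Added example, not the plugin's code. Function names are hypothetical.

// Vulnerable: whatever is in ?redirect= is sent back as a Location header, so
// https://site.example/?action=x&redirect=https://evil.example/ lands the user
// on the attacker's page with the trusted site's URL as the starting point.
function vulnerable_after_action() {
    wp_redirect( $_GET['redirect'] );
    exit;
}

// Hardened: wp_safe_redirect() passes the target through wp_validate_redirect(),
// which accepts only the site's own host (plus hosts added via the
// 'allowed_redirect_hosts' filter) and otherwise falls back to admin_url().
function hardened_after_action() {
    $target = wp_unslash( $_GET['redirect'] ?? '' );
    wp_safe_redirect( $target, 302 );
    exit;
}

// Stricter variant when only same-site paths are ever legitimate: reject
// anything that is not a single-slash relative path before validation.
function hardened_after_action_relative_only() {
    $target  = wp_unslash( $_GET['redirect'] ?? '' );
    $default = home_url( '/' );
    if ( '' === $target || '/' !== $target[0] || 0 === strpos( $target, '//' ) ) {
        $target = $default;   // drops absolute URLs and protocol-relative //evil.example
    }
    wp_safe_redirect( wp_validate_redirect( $target, $default ), 302 );
    exit;
}

// If a partner domain must be allowed, add it explicitly instead of loosening
// the check in the handler.
add_filter( 'allowed_redirect_hosts', function ( $hosts ) {
    $hosts[] = 'app.partner.example';   // hypothetical
    return $hosts;
} );
```

The audit check is mechanical: every wp_redirect() or header('Location: ...') whose argument can be influenced by request data should be wp_safe_redirect() unless the plugin has a documented reason to send users off-site.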
Threat Entry Updated 2025-02-25

CVE-2024-13534 - Small Package Quotes Plugin

The Small Package Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 5.2.18 because the user-supplied parameters are not escaped and the existing SQL query is not prepared. This makes it possible for unauthenticated attackers to append additional SQL to the existing query, which can be used to extract sensitive information from the database.

PLUGIN Small Package Quotes

CVE-2024-13534

HIGH CVSS 7.5 2025-02-19
Threat Entry Updated 2025-02-25

CVE-2024-13533 - Small Package Quotes Plugin

The Small Package Quotes – USPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 1.3.5 because the user-supplied parameter is not escaped and the existing SQL query is not prepared. This makes it possible for unauthenticated attackers to append additional SQL to the existing query, which can be used to extract sensitive information from the database.

PLUGIN Small Package Quotes

CVE-2024-13533

HIGH CVSS 7.5 2025-02-19
Threat Entry Updated 2025-02-25

CVE-2024-13491 - Small Package Quotes Plugin

The Small Package Quotes – For Customers of FedEx plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.3.1 because the user-supplied parameters are not escaped and the existing SQL query is not prepared. This makes it possible for unauthenticated attackers to append additional SQL to the existing query, which can be used to extract sensitive information from the database.

PLUGIN Small Package Quotes

CVE-2024-13491

HIGH CVSS 7.5 2025-02-19
Threat Entry Updated 2025-02-25

CVE-2024-13485 - Ltl Freight Quotes Plugin

The LTL Freight Quotes – ABF Freight Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.7 because the user-supplied parameters are not escaped and the existing SQL query is not prepared. This makes it possible for unauthenticated attackers to append additional SQL to the existing query, which can be used to extract sensitive information from the database.

PLUGIN Ltl Freight Quotes

CVE-2024-13485

HIGH CVSS 7.5 2025-02-19
Threat Entry Updated 2025-02-25

CVE-2025-0916 - Yaysmtp Plugin

The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: The vulnerability was initially patched in version 2.4.8 and was reintroduced in version 2.4.9 with the removal of the wp_kses_post() built-in WordPress sanitization function.

PLUGIN Yaysmtp

CVE-2025-0916

HIGH CVSS 7.2 2025-02-19
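Both stored-XSS entries above (CVE-2025-1039, a URL form field; CVE-2025-0916, a regression from removing wp_kses_post()) come down to the same two layers: validate on the way in and escape on the way out, so that losing one layer in a later refactor does not reopen the bug. The following is an added example and not code from either plugin; option, field and function names are hypothetical:

```php
<?php
// Added example, not the plugins' code. Option and field names are hypothetical.

// Vulnerable: the submitted URL is stored raw and echoed raw into an href. The
// form is public, so the attacker needs no account; the script fires in the
// browser of whoever views the stored entry, typically an administrator.
function vulnerable_save_lead() {
    update_option( 'leads_last_url', $_POST['lead_url'] );   // e.g. javascript:alert(document.cookie)
}
function vulnerable_render_lead() {
    echo '<a href="' . get_option( 'leads_last_url' ) . '">lead</a>';
}

// Hardened input: esc_url_raw() with an explicit scheme allowlist returns '' for
// javascript:, data: and any other scheme not listed.
function hardened_save_lead() {
    $url = esc_url_raw( wp_unslash( $_POST['lead_url'] ?? '' ), array( 'http', 'https' ) );
    update_option( 'leads_last_url', $url );
}

// Hardened output: esc_url() for the attribute (rejects disallowed schemes and
// strips attribute-breaking characters), esc_html() for the visible text.
function hardened_render_lead() {
    $url = get_option( 'leads_last_url', '' );
    echo '<a href="' . esc_url( $url ) . '">' . esc_html( $url ) . '</a>';
}

// For stored rich text such as a logged message body, filter to the post
// allowlist at render time. This is the call whose removal reintroduced
// CVE-2025-0916: without it, <script>, on* handlers and javascript: hrefs
// in the stored HTML reach the admin's browser untouched.
function render_log_body( $html ) {
    echo wp_kses_post( $html );
}
```

A regression test that submits `javascript:alert(1)` and `"><img src=x onerror=alert(1)>` through the public form and asserts that the rendered admin page contains neither string would have caught the reintroduction at 2.4.9.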
Threat Entry Updated 2025-02-25

CVE-2024-13483 - Ltl Freight Quotes Plugin

The LTL Freight Quotes – SAIA Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 2.2.10 because the user-supplied parameters are not escaped and the existing SQL query is not prepared. This makes it possible for unauthenticated attackers to append additional SQL to the existing query, which can be used to extract sensitive information from the database.

PLUGIN Ltl Freight Quotes

CVE-2024-13483

HIGH CVSS 7.5 2025-02-19
Threat Entry Updated 2025-03-11

CVE-2024-13481 - Ltl Freight Quotes Plugin

The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.4 because the user-supplied parameters are not escaped and the existing SQL query is not prepared. This makes it possible for unauthenticated attackers to append additional SQL to the existing query, which can be used to extract sensitive information from the database.

PLUGIN Ltl Freight Quotes

CVE-2024-13481

HIGH CVSS 7.5 2025-02-19
Threat Entry Updated 2025-02-25

CVE-2024-13479 - Ltl Freight Quotes Plugin

The LTL Freight Quotes – SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.2.4 because the user-supplied parameters are not escaped and the existing SQL query is not prepared. This makes it possible for unauthenticated attackers to append additional SQL to the existing query, which can be used to extract sensitive information from the database.

PLUGIN Ltl Freight Quotes

CVE-2024-13479

HIGH CVSS 7.5 2025-02-19
Threat Entry Updated 2025-02-25

CVE-2024-13478 - Ltl Freight Quotes Plugin

The LTL Freight Quotes – TForce Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.6.4 because the user-supplied parameters are not escaped and the existing SQL query is not prepared. This makes it possible for unauthenticated attackers to append additional SQL to the existing query, which can be used to extract sensitive information from the database.

PLUGIN Ltl Freight Quotes

CVE-2024-13478

HIGH CVSS 7.5 2025-02-19
Threat Entry Updated 2025-02-25

CVE-2024-13489 - Ltl Freight Quotes Plugin

The LTL Freight Quotes – Old Dominion Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.2.10 because the user-supplied parameters are not escaped and the existing SQL query is not prepared. This makes it possible for unauthenticated attackers to append additional SQL to the existing query, which can be used to extract sensitive information from the database.

PLUGIN Ltl Freight Quotes

CVE-2024-13489

HIGH CVSS 7.5 2025-02-19
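The eleven SQL injection entries on this page (the Events Manager active_status parameter and the edit_id / dropship_edit_id parameters of the Small Package Quotes and LTL Freight Quotes editions) share one root cause and one fix, so a single added example covers them. It is not code from any of those plugins; the table, column and nonce names are hypothetical, while 'engtz_wd_save_dropship', 'edit_id' and 'active_status' are the identifiers the advisories name:

```php
<?php
// Added example, not the plugins' code. Table, column and nonce names are hypothetical.

// Vulnerable: request values are concatenated into SQL. The integer slot takes
// "0 UNION SELECT user_login,user_pass,1 FROM wp_users"; the quoted string slot
// takes "' AND SLEEP(5)-- -" for the time-based probe described under
// CVE-2024-11260. The nopriv hook is what makes it reachable unauthenticated.
function vulnerable_dropship_lookup() {
    global $wpdb;
    $edit_id = $_POST['edit_id'];
    $status  = $_POST['active_status'];
    $row = $wpdb->get_row(
        "SELECT * FROM {$wpdb->prefix}freight_dropship
          WHERE id = $edit_id AND active_status = '$status'"
    );
    wp_send_json( $row );
}
add_action( 'wp_ajax_engtz_wd_save_dropship',        'vulnerable_dropship_lookup' );
add_action( 'wp_ajax_nopriv_engtz_wd_save_dropship', 'vulnerable_dropship_lookup' );

// Hardened: authenticate and authorise the caller, cast integers, check
// enumerations against an allowlist, bind everything through $wpdb->prepare(),
// and register no nopriv hook unless anonymous access is a feature.
function hardened_dropship_lookup() {
    global $wpdb;
    check_ajax_referer( 'engtz_dropship', 'nonce' );           // hypothetical nonce action
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $edit_id = absint( $_POST['edit_id'] ?? 0 );
    $status  = sanitize_key( $_POST['active_status'] ?? '' );
    if ( ! in_array( $status, array( 'active', 'inactive' ), true ) ) {
        wp_send_json_error( 'bad status', 400 );
    }
    $sql = $wpdb->prepare(
        "SELECT id, carrier, active_status FROM {$wpdb->prefix}freight_dropship
          WHERE id = %d AND active_status = %s",
        $edit_id,
        $status
    );
    wp_send_json_success( $wpdb->get_row( $sql ) );
}
add_action( 'wp_ajax_engtz_wd_save_dropship', 'hardened_dropship_lookup' );
```

Note that escaping alone (esc_sql) is the wrong fix for the integer slot: "1 OR 1=1" contains nothing to escape. Casting with absint() closes that path, and prepare()'s %d does the same for anything it is given.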
Threat Entry Updated 2025-05-24

CVE-2024-13592 - Team Builder For Wpbakery Page Builder Plugin

The Team Builder For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'team-builder-vc' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

PLUGIN Team Builder For Wpbakery Page Builder

CVE-2024-13592

HIGH CVSS 7.5 2025-02-19
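The two Local File Inclusion entries on this page (CVE-2024-13353 via Elementor widgets, CVE-2024-13592 via the 'team-builder-vc' shortcode) follow the same shape: a Contributor-controlled string selects the file a shortcode or widget includes. The following is an added example, not code from either plugin; the shortcode, attribute and directory names are hypothetical:

```php
<?php
// Added example, not the plugins' code. Shortcode, attribute and paths are hypothetical.

// Vulnerable: the 'layout' attribute becomes part of an include path. A Contributor
// previewing [team_layout layout="../../../uploads/2025/02/avatar.png"] has the
// uploaded file parsed as PHP; anything that got past the upload filter (an
// image with PHP in its metadata, a mis-typed .phtml) now runs as the web server.
function vulnerable_team_layout( $atts ) {
    $atts = shortcode_atts( array( 'layout' => 'default.php' ), $atts );
    ob_start();
    include plugin_dir_path( __FILE__ ) . 'templates/' . $atts['layout'];
    return ob_get_clean();
}

// Hardened: an allowlist decides which template is used, and a realpath()
// containment check guards the include even if the allowlist is later widened.
function hardened_team_layout( $atts ) {
    $atts = shortcode_atts( array( 'layout' => 'default' ), $atts );

    $allowed = array( 'default', 'grid', 'carousel' );
    $layout  = in_array( $atts['layout'], $allowed, true ) ? $atts['layout'] : 'default';

    $base = realpath( plugin_dir_path( __FILE__ ) . 'templates' );
    $file = realpath( $base . '/' . $layout . '.php' );
    // realpath() collapses '../' and returns false for a missing file, so the
    // prefix test rejects any resolved path outside the templates directory.
    if ( false === $base || false === $file
         || 0 !== strpos( $file, $base . DIRECTORY_SEPARATOR ) ) {
        return '';
    }
    ob_start();
    include $file;
    return ob_get_clean();
}
add_shortcode( 'team_layout', 'hardened_team_layout' );
```

The Contributor threshold in both advisories is the important detail: shortcodes and page-builder widgets render on preview, so an account that cannot publish can still trigger the include on its own draft.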
Threat Entry Updated 2025-02-19

CVE-2024-13468 - Trash Duplicate And 301 Redirect Plugin

The Trash Duplicate and 301 Redirect plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'duplicates-action-top' action in all versions up to, and including, 1.9. This makes it possible for unauthenticated attackers to delete arbitrary posts/pages.

PLUGIN Trash Duplicate And 301 Redirect

CVE-2024-13468

HIGH CVSS 7.5 2025-02-19
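CVE-2024-13753 (missing nonce validation) and CVE-2024-13468 (missing capability check) are two different failures that are often confused, and a handler needs both checks. The following is an added example and not code from either plugin; hook, nonce and parameter names are hypothetical:

```php
<?php
// Added example, not the plugins' code. Hook, nonce and parameter names are hypothetical.

// Vulnerable pattern 1 (CSRF): the handler trusts the logged-in cookie but never
// checks that the request came from the plugin's own form. A page on
// attacker.example that auto-submits this form changes the victim's address.
function vulnerable_update_profile() {
    wp_update_user( array( 'ID' => get_current_user_id(), 'user_email' => $_POST['email'] ) );
}
add_action( 'wp_ajax_ucl_update_profile', 'vulnerable_update_profile' );

// Vulnerable pattern 2 (missing capability check): the nopriv hook plus no
// current_user_can() means anyone on the internet can delete posts.
function vulnerable_duplicates_action() {
    foreach ( (array) $_POST['post_ids'] as $id ) {
        wp_delete_post( (int) $id, true );
    }
}
add_action( 'wp_ajax_tdr_duplicates_action',        'vulnerable_duplicates_action' );
add_action( 'wp_ajax_nopriv_tdr_duplicates_action', 'vulnerable_duplicates_action' );

// Hardened: the nonce proves the request was made on purpose from our UI; the
// capability check proves the user is allowed to do it. Neither replaces the other.
function hardened_update_profile() {
    check_ajax_referer( 'ucl_update_profile', 'nonce' );      // 403 on failure
    $user_id = get_current_user_id();
    if ( ! $user_id ) {
        wp_send_json_error( 'login required', 401 );
    }
    $email = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    if ( ! is_email( $email ) ) {
        wp_send_json_error( 'invalid email', 400 );
    }
    wp_update_user( array( 'ID' => $user_id, 'user_email' => $email ) );
    wp_send_json_success();
}
add_action( 'wp_ajax_ucl_update_profile', 'hardened_update_profile' );

function hardened_duplicates_action() {
    check_ajax_referer( 'tdr_duplicates_action', 'nonce' );
    foreach ( (array) ( $_POST['post_ids'] ?? array() ) as $id ) {
        $id = absint( $id );
        if ( ! current_user_can( 'delete_post', $id ) ) {      // per-object check
            continue;
        }
        wp_delete_post( $id, true );
    }
    wp_send_json_success();
}
add_action( 'wp_ajax_tdr_duplicates_action', 'hardened_duplicates_action' );   // no nopriv hook

// The issuing form must carry the matching nonce, e.g. in the profile template:
// wp_nonce_field( 'ucl_update_profile', 'nonce' );
```

For the profile case the email change matters because password resets go to that address, which is why the advisory rates a one-field CSRF as a possible account takeover.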