
Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Threat Entry Updated 2025-01-16

CVE-2025-23912 - WordPress Custom Sidebar Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typomedia Foundation WordPress Custom Sidebar allows Blind SQL Injection. This issue affects WordPress Custom Sidebar: from n/a through 2.3.

PLUGIN WordPress Custom Sidebar

CVE-2025-23912

HIGH CVSS 8.5 2025-01-16
Threat Entry Updated 2025-01-16

CVE-2025-23842 - WordPress Gallery Plugin

Cross-Site Request Forgery (CSRF) vulnerability in Nilesh Shiragave WordPress Gallery Plugin allows Cross Site Request Forgery. This issue affects WordPress Gallery Plugin: from n/a through 1.4.

PLUGIN WordPress Gallery Plugin

CVE-2025-23842

HIGH CVSS 7.1 2025-01-16
Threat Entry Updated 2025-01-16

CVE-2025-23828 - WordPress Data Guard Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OriginalTips.com WordPress Data Guard allows Stored XSS. This issue affects WordPress Data Guard: from n/a through 8.

PLUGIN WordPress Data Guard

CVE-2025-23828

HIGH CVSS 7.1 2025-01-16
Threat Entry Updated 2025-01-17

CVE-2024-12614 - Passwords Manager Plugin

The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pms_save_setting' and 'post_new_pass' AJAX actions in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings and add passwords.

PLUGIN Passwords Manager

CVE-2024-12614

HIGH CVSS 7.5 2025-01-16
Threat Entry Updated 2025-01-17

CVE-2024-12613 - Passwords Manager Plugin

The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX functions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

PLUGIN Passwords Manager

CVE-2024-12613

HIGH CVSS 7.5 2025-01-16
Threat Entry Updated 2025-01-15

CVE-2024-11848 - Nitropack Plugin

The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options to a fixed value of '1' which can activate certain options (e.g., enable user registration) or modify certain options in a way that leads to a denial of service condition.

PLUGIN Nitropack

CVE-2024-11848

HIGH CVSS 8.1 2025-01-15
Threat Entry Updated 2025-01-15

CVE-2024-13351 - Social Proof Testimonials And Reviews By Repuso Plugin

The Social proof testimonials and reviews by Repuso plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rw_image_badge1' shortcode in all versions up to, and including, 5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Social Proof Testimonials And Reviews By Repuso

CVE-2024-13351

HIGH CVSS 7.2 2025-01-15
Threat Entry Updated 2025-01-14

CVE-2025-0394 - WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg Plugin

The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gh_big_file_upload() function in all versions up to, and including, 3.7.3.5. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg

CVE-2025-0394

HIGH CVSS 8.8 2025-01-14
Threat Entry Updated 2025-01-16

CVE-2024-12365 - W3 Total Cache Plugin

The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain the plugin's nonce value and perform unauthorized actions, resulting in information disclosure, service plan limits consumption as well as making web requests to arbitrary locations originating from the web application that can be used to query information from internal services, including instance metadata on…

PLUGIN W3 Total Cache

CVE-2024-12365

HIGH CVSS 8.5 2025-01-14
Threat Entry Updated 2025-05-08

CVE-2024-12274 - Appointment Booking Calendar Plugin And Scheduling

The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files (if they exist).

PLUGIN Appointment Booking Calendar Plugin And Scheduling

CVE-2024-12274

HIGH CVSS 7.5 2025-01-13
Threat Entry Updated 2025-01-11

CVE-2024-12627 - Woocommerce Popups Plugin

The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.5 via deserialization of untrusted input from post content passed to the capture_email AJAX action. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system,…

PLUGIN Woocommerce Popups

CVE-2024-12627

HIGH CVSS 7.5 2025-01-11
Threat Entry Updated 2025-01-11

CVE-2024-12404 - Internal Link Shortcode Plugin

The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection via the 'post_title' parameter in all versions up to, and including, 1.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

PLUGIN Internal Link Shortcode

CVE-2024-12404

HIGH CVSS 7.5 2025-01-11
Threat Entry Updated 2025-01-09

CVE-2025-22295 - WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tripetto WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto allows Stored XSS. This issue affects WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto: from n/a through 8.0.5.

PLUGIN WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto

CVE-2025-22295

HIGH CVSS 7.1 2025-01-09
Threat Entry Updated 2025-01-09

CVE-2024-12848 - Skt Builder Plugin

The SKT Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the 'addLibraryByArchive' function in all versions up to, and including, 4.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible.

PLUGIN Skt Builder

CVE-2024-12848

HIGH CVSS 8.8 2025-01-09
Threat Entry Updated 2025-01-09

CVE-2024-12542 - Linkid Plugin

The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited.

PLUGIN Linkid

CVE-2024-12542

HIGH CVSS 8.6 2025-01-09
Threat Entry Updated 2025-01-09

CVE-2024-12330 - Files Backup By Backup For Wp Plugin

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.3 via publicly accessible back-up files. This makes it possible for unauthenticated attackers to extract sensitive data including all information stored in the database.

PLUGIN Files Backup By Backup For Wp

CVE-2024-12330

HIGH CVSS 7.5 2025-01-09
Threat Entry Updated 2025-01-08

CVE-2024-11423 - And Use Advance Coupons With Personalized Templates Plugin

The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints such as /wp-json/gifting/recharge-giftcard in all versions up to, and including, 3.0.6. This makes it possible for unauthenticated attackers to recharge a gift card balance, without making a payment along with reducing gift card balances without purchasing anything.

PLUGIN And Use Advance Coupons With Personalized Templates

CVE-2024-11423

HIGH CVSS 7.5 2025-01-08