"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 196
Critical: 0
High: 0
Medium: 0
Showing 181-196 of 196 records
Threat Entry Updated 2024-11-21

CVE-2022-1688 - Note Press Plugin

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statements via the admin dashboard, leading to SQL Injections.

PLUGIN Note Press

CVE-2022-1688

LOW CVSS 2.7 2022-06-08
Threat Entry Updated 2024-11-21

CVE-2022-1687 - Logo Slider Plugin

The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection

PLUGIN Logo Slider

CVE-2022-1687

LOW CVSS 2.7 2022-06-08
Threat Entry Updated 2024-11-21

CVE-2022-1686 - Five Minute Webshop Plugin

The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection

PLUGIN Five Minute Webshop

CVE-2022-1686

LOW CVSS 2.7 2022-06-08
Threat Entry Updated 2024-11-21

CVE-2022-1684 - Cube Slider Plugin

The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin

PLUGIN Cube Slider

CVE-2022-1684

LOW CVSS 2.7 2022-06-08
Threat Entry Updated 2024-11-21

CVE-2022-0279 - AnyComment Plugin

The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users

PLUGIN AnyComment

CVE-2022-0279

LOW CVSS 3.1 2022-02-21
Threat Entry Updated 2024-11-21

CVE-2021-25075 - Duplicate Page Or Post Plugin

The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated user, such as a subscriber, to call it and change the plugin's settings, or to perform such an attack via CSRF. Furthermore, due to the lack of escaping, this could lead to Stored Cross-Site Scripting issues.

PLUGIN Duplicate Page Or Post

CVE-2021-25075

LOW CVSS 3.5 2022-02-21
Threat Entry Updated 2024-11-21

CVE-2021-25109 - Futurio Extra Plugin

The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database, as well as to perform Cross-Site Scripting (XSS) against logged-in admins by making them open a malicious link.

PLUGIN Futurio Extra

CVE-2021-25109

LOW CVSS 2.7 2022-02-14
Threat Entry Updated 2024-11-21

CVE-2021-25014 - Ibtana Plugin

The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation and CSRF checks in the ive_save_general_settings AJAX action, allowing any authenticated user, such as a subscriber, to call it and change the plugin's settings, which could lead to a Stored Cross-Site Scripting issue.

PLUGIN Ibtana

CVE-2021-25014

LOW CVSS 3.5 2022-02-14
Threat Entry Updated 2024-11-21

CVE-2021-24371 - RSVPMaker Plugin

The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes a URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal network via an SSRF attack.

PLUGIN RSVPMaker

CVE-2021-24371

LOW CVSS 2.7 2021-08-02
Threat Entry Updated 2024-11-21

CVE-2021-24242 - Elearning And Online Course Solution Plugin

The Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.8 is affected by a local file inclusion vulnerability through the maliciously constructed sub_page parameter of the plugin's Tools, allowing high privilege users to include any local PHP file.

PLUGIN Elearning And Online Course Solution

CVE-2021-24242

LOW CVSS 3.8 2021-04-22