Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Showing 81-100 of 196 records

Threat Entry Updated 2025-04-29

CVE-2024-9771 - WP-Recall Plugin

The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN WP-Recall

CVE-2024-9771

LOW CVSS 3.5 2025-04-28

Threat Entry Updated 2025-04-30

CVE-2025-1525 - Ultimate Dashboard Plugin

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Ultimate Dashboard

CVE-2025-1525

LOW CVSS 3.5 2025-04-17

Threat Entry Updated 2025-04-30

CVE-2025-1524 - Ultimate Dashboard Plugin

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Ultimate Dashboard

CVE-2025-1524

LOW CVSS 3.5 2025-04-17

Threat Entry Updated 2025-04-29

CVE-2025-1523 - Ultimate Dashboard Plugin

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Ultimate Dashboard

CVE-2025-1523

LOW CVSS 3.5 2025-04-17

Threat Entry Updated 2025-04-29

CVE-2024-11924 - Icegram Express Formerly Known As Email Subscribers Plugin

The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Icegram Express Formerly Known As Email Subscribers

CVE-2024-11924

LOW CVSS 3.5 2025-04-17

Threat Entry Updated 2025-07-09

CVE-2025-1911 - Product Import Export For Woocommerce Plugin

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server.

PLUGIN Product Import Export For Woocommerce

CVE-2025-1911

LOW CVSS 2.7 2025-03-26

Threat Entry Updated 2025-05-06

CVE-2024-12683 - Smart Maintenance Mode Plugin

The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Smart Maintenance Mode

CVE-2024-12683

LOW CVSS 3.5 2025-03-26

Threat Entry Updated 2025-05-06

CVE-2025-1452 - Favorites Plugin

The Favorites WordPress plugin before 2.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Favorites

CVE-2025-1452

LOW CVSS 3.5 2025-03-25

Threat Entry Updated 2025-04-01

CVE-2024-13123 - AFI Plugin

The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN AFI

CVE-2024-13123

LOW CVSS 3.5 2025-03-25

Threat Entry Updated 2025-04-01

CVE-2024-13122 - AFI Plugin

The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN AFI

CVE-2024-13122

LOW CVSS 3.5 2025-03-25

Threat Entry Updated 2025-04-29

CVE-2024-12769 - Simple Banner Plugin

The Simple Banner WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Simple Banner

CVE-2024-12769

LOW CVSS 3.5 2025-03-25

Threat Entry Updated 2025-04-03

CVE-2024-10560 - Form Maker By 10web Plugin

The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Form Maker By 10web

CVE-2024-10560

LOW CVSS 3.5 2025-03-25

Threat Entry Updated 2025-05-15

CVE-2024-10554 - Wordpress Wp Advanced Search Plugin

The WordPress WP-Advanced-Search WordPress plugin before 3.3.9.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Wordpress Wp Advanced Search

CVE-2024-10554

LOW CVSS 3.5 2025-03-25

Threat Entry Updated 2025-04-08

CVE-2025-1203 - Slider, Gallery, and Carousel by MetaSlider Plugin

The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Slider, Gallery, and Carousel by MetaSlider

CVE-2025-1203

LOW CVSS 3.5 2025-03-24

Threat Entry Updated 2025-04-08

CVE-2025-1062 - Slider, Gallery, and Carousel by MetaSlider Plugin

The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Slider, Gallery, and Carousel by MetaSlider

CVE-2025-1062

LOW CVSS 3.5 2025-03-24

Threat Entry Updated 2025-05-13

CVE-2024-13124 - Photo Gallery By 10web Plugin

The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Photo Gallery By 10web

CVE-2024-13124

LOW CVSS 3.5 2025-03-24

Threat Entry Updated 2025-05-13

CVE-2024-10558 - Form Maker By 10web Plugin

The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Form Maker By 10web

CVE-2024-10558

LOW CVSS 3.5 2025-03-24

Threat Entry Updated 2025-07-09

CVE-2025-1972 - Import Export Wordpress Users Plugin

The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server.

PLUGIN Import Export Wordpress Users

CVE-2025-1972

LOW CVSS 2.7 2025-03-22

Threat Entry Updated 2025-03-26

CVE-2024-13922 - Order Export Order Import For Woocommerce Plugin

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server.

PLUGIN Order Export Order Import For Woocommerce

CVE-2024-13922

LOW CVSS 2.7 2025-03-20

Threat Entry Updated 2025-04-02

CVE-2025-1624 - Gdpr Cookie Compliance Plugin

The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Gdpr Cookie Compliance

CVE-2025-1624

LOW CVSS 3.5 2025-03-16