"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Showing 81-100 of 201 records
Threat Entry Updated 2025-11-13

CVE-2023-7297 - TwitterPosts Plugin

The TwitterPosts WordPress plugin through 1.0.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN TwitterPosts

CVE-2023-7297

LOW CVSS 3.5 2025-05-15
Threat Entry Updated 2025-05-28

CVE-2025-3514 - SureForms Plugin

The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN SureForms

CVE-2025-3514

LOW CVSS 3.5 2025-05-02
Threat Entry Updated 2025-05-28

CVE-2025-3513 - SureForms Plugin

The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN SureForms

CVE-2025-3513

LOW CVSS 3.5 2025-05-02
Threat Entry Updated 2025-04-29

CVE-2024-12273 - Calculated Fields Form Plugin

The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Calculated Fields Form

CVE-2024-12273

LOW CVSS 3.5 2025-04-29
Threat Entry Updated 2025-04-30

CVE-2025-0627 - WordPress Tag, Category, and Taxonomy Manager Plugin

The WordPress Tag, Category, and Taxonomy Manager WordPress plugin before 3.30.0 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN WordPress Tag, Category, and Taxonomy Manager

CVE-2025-0627

LOW CVSS 3.5 2025-04-28
Threat Entry Updated 2025-04-29

CVE-2024-9771 - Wp Recall Plugin

The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Wp Recall

CVE-2024-9771

LOW CVSS 3.5 2025-04-28
Threat Entry Updated 2025-04-30

CVE-2025-1525 - Ultimate Dashboard Plugin

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Ultimate Dashboard

CVE-2025-1525

LOW CVSS 3.5 2025-04-17
Threat Entry Updated 2025-04-30

CVE-2025-1524 - Ultimate Dashboard Plugin

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Ultimate Dashboard

CVE-2025-1524

LOW CVSS 3.5 2025-04-17
Threat Entry Updated 2025-04-29

CVE-2025-1523 - Ultimate Dashboard Plugin

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Ultimate Dashboard

CVE-2025-1523

LOW CVSS 3.5 2025-04-17
Threat Entry Updated 2025-04-29

CVE-2024-11924 - Icegram Express Formerly Known As Email Subscribers Plugin

The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Icegram Express Formerly Known As Email Subscribers

CVE-2024-11924

LOW CVSS 3.5 2025-04-17
Threat Entry Updated 2025-07-09

CVE-2025-1911 - Product Import Export For Woocommerce Plugin

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server.

PLUGIN Product Import Export For Woocommerce

CVE-2025-1911

LOW CVSS 2.7 2025-03-26
Threat Entry Updated 2025-05-06

CVE-2024-12683 - Smart Maintenance Mode Plugin

The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Smart Maintenance Mode

CVE-2024-12683

LOW CVSS 3.5 2025-03-26
Threat Entry Updated 2025-05-06

CVE-2025-1452 - Favorites Plugin

The Favorites WordPress plugin before 2.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Favorites

CVE-2025-1452

LOW CVSS 3.5 2025-03-25
Threat Entry Updated 2025-04-01

CVE-2024-13123 - AFI Plugin

The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN AFI

CVE-2024-13123

LOW CVSS 3.5 2025-03-25
Threat Entry Updated 2025-04-01

CVE-2024-13122 - AFI Plugin

The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN AFI

CVE-2024-13122

LOW CVSS 3.5 2025-03-25
Threat Entry Updated 2025-04-29

CVE-2024-12769 - Simple Banner Plugin

The Simple Banner WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Simple Banner

CVE-2024-12769

LOW CVSS 3.5 2025-03-25
Threat Entry Updated 2025-04-03

CVE-2024-10560 - Form Maker By 10web Plugin

The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Form Maker By 10web

CVE-2024-10560

LOW CVSS 3.5 2025-03-25
Threat Entry Updated 2025-05-15

CVE-2024-10554 - Wordpress Wp Advanced Search Plugin

The WordPress WP-Advanced-Search WordPress plugin before 3.3.9.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Wordpress Wp Advanced Search

CVE-2024-10554

LOW CVSS 3.5 2025-03-25
Threat Entry Updated 2025-04-08

CVE-2025-1203 - Slider, Gallery, and Carousel by MetaSlider Plugin

The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Slider, Gallery, and Carousel by MetaSlider

CVE-2025-1203

LOW CVSS 3.5 2025-03-24
Threat Entry Updated 2025-04-08

CVE-2025-1062 - Slider, Gallery, and Carousel by MetaSlider Plugin

The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Slider, Gallery, and Carousel by MetaSlider

CVE-2025-1062

LOW CVSS 3.5 2025-03-24