Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Showing 101-120 of 196 records

Threat Entry Updated 2025-04-02

CVE-2025-1623 - Gdpr Cookie Compliance Plugin

The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Gdpr Cookie Compliance

CVE-2025-1623

LOW CVSS 3.5 2025-03-16

Threat Entry Updated 2025-04-02

CVE-2025-1622 - Gdpr Cookie Compliance Plugin

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Gdpr Cookie Compliance

CVE-2025-1622

LOW CVSS 3.5 2025-03-16

Threat Entry Updated 2025-05-06

CVE-2024-13615 - Social Snap Plugin

The Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap WordPress plugin through 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Social Snap

CVE-2024-13615

LOW CVSS 3.5 2025-03-11

Threat Entry Updated 2025-05-21

CVE-2025-1363 - Url Shortener Conversion Tracking Ab Testing Woocommerce Plugin

The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Url Shortener Conversion Tracking Ab Testing Woocommerce

CVE-2025-1363

LOW CVSS 3.5 2025-03-09

Threat Entry Updated 2025-05-15

CVE-2024-10545 - Proofing And Plugin

The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and escape some of its Image settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Proofing And

CVE-2024-10545

LOW CVSS 3.5 2025-02-25

Threat Entry Updated 2025-05-07

CVE-2024-13585 - Ajax Search Lite Plugin

The Ajax Search Lite WordPress plugin before 4.12.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Ajax Search Lite

CVE-2024-13585

LOW CVSS 3.5 2025-02-21

Threat Entry Updated 2025-05-07

CVE-2024-13314 - Gallery By Wp Carousel Plugin

The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Gallery By Wp Carousel

CVE-2024-13314

LOW CVSS 3.5 2025-02-21

Threat Entry Updated 2025-05-15

CVE-2024-12173 - Master Slider Plugin

The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Master Slider

CVE-2024-12173

LOW CVSS 3.5 2025-02-19

Threat Entry Updated 2025-05-26

CVE-2025-0692 - Simple Video Management System Plugin

The Simple Video Management System WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Simple Video Management System

CVE-2025-0692

LOW CVSS 3.5 2025-02-13

Threat Entry Updated 2025-05-21

CVE-2024-13125 - Everest Forms Plugin

The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Everest Forms

CVE-2024-13125

LOW CVSS 3.5 2025-02-13

Threat Entry Updated 2025-05-21

CVE-2024-13121 - Restrict Content Plugin

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Restrict Content

CVE-2024-13121

LOW CVSS 3.5 2025-02-13

Threat Entry Updated 2025-05-13

CVE-2024-13116 - Crelly Slider Plugin

The Crelly Slider WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Crelly Slider

CVE-2024-13116

LOW CVSS 3.8 2025-01-27

Threat Entry Updated 2025-02-04

CVE-2024-13450 - Contact Form Builder Plugin

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.17.4 via the Webhooks integration. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. The vulnerability can also be exploited in Multisite environments.

PLUGIN Contact Form Builder

CVE-2024-13450

LOW CVSS 3.8 2025-01-25

Threat Entry Updated 2025-05-08

CVE-2024-10562 - Form Maker By 10web Plugin

The Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Form Maker By 10web

CVE-2024-10562

LOW CVSS 2.7 2025-01-07

Threat Entry Updated 2025-05-14

CVE-2024-10102 - Slider In Rbs Image Gallery Plugin

The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its Gallery settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.

PLUGIN Slider In Rbs Image Gallery

CVE-2024-10102

LOW CVSS 2.7 2025-01-07

Threat Entry Updated 2025-01-07

CVE-2024-10527 - Spacer Plugin

The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view limited setting information.

PLUGIN Spacer

CVE-2024-10527

LOW CVSS 3.1 2025-01-07

Threat Entry Updated 2025-02-07

CVE-2024-9654 - Easy Digital Downloads Plugin

The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4. This is due to a lack of sufficient validation checks within the 'verify_guest_email' function to ensure the requesting user is the intended recipient of the purchase receipt. This makes it possible for unauthenticated attackers to bypass intended security restrictions and view the receipts of other users, which contain a link to download paid content. Successful exploitation requires knowledge of another customer's email address as well as the file ID of the content they…

PLUGIN Easy Digital Downloads

CVE-2024-9654

LOW CVSS 3.7 2024-12-17

Threat Entry Updated 2024-12-13

CVE-2024-12300 - Ar For Wordpress Plugin

The AR for WordPress plugin for WordPress is vulnerable to unauthorized double extension file upload due to a missing capability check on the set_ar_featured_image() function in all versions up to, and including, 7.3. This makes it possible for unauthenticated attackers to upload php files leveraging a double extension attack. It's important to note the file is deleted immediately and double extension attacks only work on select servers making this unlikely to be successfully exploited.

PLUGIN Ar For Wordpress

CVE-2024-12300

LOW CVSS 3.7 2024-12-13

Threat Entry Updated 2024-12-09

CVE-2023-28168 - WordPress Console Plugin

Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Console: from n/a through 0.3.9.

PLUGIN WordPress Console

CVE-2023-28168

LOW CVSS 3.7 2024-12-09

Threat Entry Updated 2024-12-09

CVE-2023-24375 - WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Plugin

Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.5.14.

PLUGIN WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)

CVE-2023-24375

LOW CVSS 3.5 2024-12-09