"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 201, Critical: 0, High: 0, Medium: 0

Showing 101-120 of 201 records

Threat Entry Updated 2025-05-13

CVE-2024-13124 - Photo Gallery By 10web Plugin

The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Photo Gallery By 10web

CVE-2024-13124

LOW CVSS 3.5 2025-03-24

Threat Entry Updated 2025-05-13

CVE-2024-10558 - Form Maker By 10web Plugin

The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Form Maker By 10web

CVE-2024-10558

LOW CVSS 3.5 2025-03-24

Threat Entry Updated 2025-07-09

CVE-2025-1972 - Import Export Wordpress Users Plugin

The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server.

PLUGIN Import Export Wordpress Users

CVE-2025-1972

LOW CVSS 2.7 2025-03-22

Threat Entry Updated 2025-03-26

CVE-2024-13922 - Order Export Order Import For Woocommerce Plugin

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server.

PLUGIN Order Export Order Import For Woocommerce

CVE-2024-13922

LOW CVSS 2.7 2025-03-20

Threat Entry Updated 2025-04-02

CVE-2025-1624 - Gdpr Cookie Compliance Plugin

The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Gdpr Cookie Compliance

CVE-2025-1624

LOW CVSS 3.5 2025-03-16

Threat Entry Updated 2025-04-02

CVE-2025-1623 - Gdpr Cookie Compliance Plugin

The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Gdpr Cookie Compliance

CVE-2025-1623

LOW CVSS 3.5 2025-03-16

Threat Entry Updated 2025-04-02

CVE-2025-1622 - Gdpr Cookie Compliance Plugin

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Gdpr Cookie Compliance

CVE-2025-1622

LOW CVSS 3.5 2025-03-16

Threat Entry Updated 2025-05-06

CVE-2024-13615 - Social Snap Plugin

The Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap WordPress plugin through 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Social Snap

CVE-2024-13615

LOW CVSS 3.5 2025-03-11

Threat Entry Updated 2025-05-21

CVE-2025-1363 - Url Shortener Conversion Tracking Ab Testing Woocommerce Plugin

The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Url Shortener Conversion Tracking Ab Testing Woocommerce

CVE-2025-1363

LOW CVSS 3.5 2025-03-09

Threat Entry Updated 2025-05-15

CVE-2024-10545 - Proofing And Plugin

The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and escape some of its Image settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Proofing And

CVE-2024-10545

LOW CVSS 3.5 2025-02-25

Threat Entry Updated 2025-05-07

CVE-2024-13585 - Ajax Search Lite Plugin

The Ajax Search Lite WordPress plugin before 4.12.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Ajax Search Lite

CVE-2024-13585

LOW CVSS 3.5 2025-02-21

Threat Entry Updated 2025-05-07

CVE-2024-13314 - Gallery By Wp Carousel Plugin

The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Gallery By Wp Carousel

CVE-2024-13314

LOW CVSS 3.5 2025-02-21

Threat Entry Updated 2025-05-15

CVE-2024-12173 - Master Slider Plugin

The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Master Slider

CVE-2024-12173

LOW CVSS 3.5 2025-02-19

Threat Entry Updated 2025-05-26

CVE-2025-0692 - Simple Video Management System Plugin

The Simple Video Management System WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Simple Video Management System

CVE-2025-0692

LOW CVSS 3.5 2025-02-13

Threat Entry Updated 2025-05-21

CVE-2024-13125 - Everest Forms Plugin

The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Everest Forms

CVE-2024-13125

LOW CVSS 3.5 2025-02-13

Threat Entry Updated 2025-05-21

CVE-2024-13121 - Restrict Content Plugin

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Restrict Content

CVE-2024-13121

LOW CVSS 3.5 2025-02-13

Threat Entry Updated 2025-05-13

CVE-2024-13116 - Crelly Slider Plugin

The Crelly Slider WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Crelly Slider

CVE-2024-13116

LOW CVSS 3.8 2025-01-27

Threat Entry Updated 2025-02-04

CVE-2024-13450 - Contact Form Builder Plugin

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.17.4 via the Webhooks integration. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. The vulnerability can also be exploited in Multisite environments.

PLUGIN Contact Form Builder

CVE-2024-13450

LOW CVSS 3.8 2025-01-25

Threat Entry Updated 2025-05-08

CVE-2024-10562 - Form Maker By 10web Plugin

The Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Form Maker By 10web

CVE-2024-10562

LOW CVSS 2.7 2025-01-07

Threat Entry Updated 2025-05-14

CVE-2024-10102 - Slider In Rbs Image Gallery Plugin

The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its Gallery settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.

PLUGIN Slider In Rbs Image Gallery

CVE-2024-10102

LOW CVSS 2.7 2025-01-07