Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866
Critical: 0
High: 0
Medium: 10,866
Showing 3181-3200 of 10866 records
Threat Entry Updated 2025-07-14

CVE-2024-9994 - Essential Addons For Elementor Lite Plugin

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_pricing_item_tooltip_content parameter of the Pricing Table Widget in all versions up to, and including, 6.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Essential Addons For Elementor Lite

CVE-2024-9994

MEDIUM CVSS 6.4 2025-06-07
Threat Entry Updated 2025-07-14

CVE-2024-9993 - Essential Addons For Elementor Lite Plugin

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_event_details_text parameter of Event Calendar Widget in all versions up to, and including, 6.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Essential Addons For Elementor Lite

CVE-2024-9993

MEDIUM CVSS 6.4 2025-06-07
Threat Entry Updated 2025-06-09

CVE-2025-5814 - Profiler What Slowing Down Plugin

The Profiler – What Slowing Down Your WP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsd_plugin_control() function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to reactivate previously deactivated plugins after accessing the "Profiler" page.

PLUGIN Profiler What Slowing Down

CVE-2025-5814

MEDIUM CVSS 5.3 2025-06-07
Threat Entry Updated 2025-06-06

CVE-2025-49419 - WordPress Core

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress allows Retrieve Embedded Sensitive Data. This issue affects Foxit eSign for WordPress: from n/a through 2.0.3.

CORE WordPress Core

CVE-2025-49419

MEDIUM CVSS 5.5 2025-06-06
Threat Entry Updated 2025-06-06

CVE-2025-49329 - WordPress Core

Unrestricted Upload of File with Dangerous Type vulnerability in Agile Logix Store Locator WordPress allows Upload a Web Shell to a Web Server. This issue affects Store Locator WordPress: from n/a through 1.5.2.

CORE WordPress Core

CVE-2025-49329

MEDIUM CVSS 6.6 2025-06-06
Threat Entry Updated 2025-06-06

CVE-2025-30977 - Chatbots Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chaport Live Chat WP Live Chat + Chatbots Plugin for WordPress – Chaport allows Stored XSS. This issue affects WP Live Chat + Chatbots Plugin for WordPress – Chaport: from n/a through 1.1.5.

PLUGIN Chatbots

CVE-2025-30977

MEDIUM CVSS 5.9 2025-06-06
Threat Entry Updated 2025-06-06

CVE-2025-30938 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in broadly Broadly for WordPress allows Stored XSS. This issue affects Broadly for WordPress: from n/a through 3.0.2.

CORE WordPress Core

CVE-2025-30938

MEDIUM CVSS 5.9 2025-06-06
Threat Entry Updated 2025-06-06

CVE-2025-5239 - Domain For Sale Plugin

The Domain For Sale plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class_name’ parameter in all versions up to, and including, 3.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Domain For Sale

CVE-2025-5239

MEDIUM CVSS 6.4 2025-06-06
Threat Entry Updated 2025-06-06

CVE-2025-5760 - Simple History Plugin

The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the append_debug_info_to_context() function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin’s logger captures the entire contents of $_POST (and sometimes raw request bodies or $_GET) without redacting any password‐related keys. As a result, whenever a user submits a login form, whether via native wp_login or a third‐party login widget, their actual password is written in clear text into the logs. An authenticated attacker or any user…

PLUGIN Simple History

CVE-2025-5760

MEDIUM CVSS 4.9 2025-06-06
Threat Entry Updated 2025-07-15

CVE-2025-5703 - Stageshow Plugin

The StageShow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘anchor’ parameter in all versions up to, and including, 10.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Stageshow

CVE-2025-5703

MEDIUM CVSS 6.4 2025-06-06
Threat Entry Updated 2025-06-06

CVE-2025-5686 - Paged Gallery Plugin

The Paged Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode in all versions up to, and including, 0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Paged Gallery

CVE-2025-5686

MEDIUM CVSS 6.4 2025-06-06
Threat Entry Updated 2025-06-06

CVE-2025-5699 - Developer Formatter Plugin

The Developer Formatter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2015.0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

PLUGIN Developer Formatter

CVE-2025-5699

MEDIUM CVSS 5.5 2025-06-06
Threat Entry Updated 2025-06-06

CVE-2025-5563 - Wp Addpub Plugin

The WP-Addpub plugin for WordPress is vulnerable to SQL Injection via the 'wp-addpub' shortcode in all versions up to, and including, 1.2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

PLUGIN Wp Addpub

CVE-2025-5563

MEDIUM CVSS 6.5 2025-06-06
Threat Entry Updated 2025-06-06

CVE-2025-5586 - Cpt Ajax Load More Plugin

The WordPress Ajax Load More and Infinite Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Cpt Ajax Load More

CVE-2025-5586

MEDIUM CVSS 6.4 2025-06-06
Threat Entry Updated 2025-06-06

CVE-2025-5565 - Hide It Plugin

The Hide It plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hideit' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Hide It

CVE-2025-5565

MEDIUM CVSS 6.4 2025-06-06
Threat Entry Updated 2025-06-06

CVE-2025-5541 - Runners Log Plugin

The Runners Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'runnerslog' shortcode in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Runners Log

CVE-2025-5541

MEDIUM CVSS 6.4 2025-06-06
Threat Entry Updated 2025-06-06

CVE-2025-5538 - Bns Featured Category Plugin

The BNS Featured Category plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bnsfc' shortcode in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Bns Featured Category

CVE-2025-5538

MEDIUM CVSS 6.4 2025-06-06
Threat Entry Updated 2025-06-06

CVE-2025-5536 - Wp Freemind Plugin

The Freemind Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'freemind' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Wp Freemind

CVE-2025-5536

MEDIUM CVSS 6.4 2025-06-06
Threat Entry Updated 2025-06-06

CVE-2025-5534 - Esv Bible Shortcode For Wordpress Plugin

The ESV Bible Shortcode for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'esv' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Esv Bible Shortcode For Wordpress

CVE-2025-5534

MEDIUM CVSS 6.4 2025-06-06
Threat Entry Updated 2025-06-06

CVE-2025-5533 - Knowledge Base Plugin

The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kbalert' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Knowledge Base

CVE-2025-5533

MEDIUM CVSS 6.4 2025-06-06