Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-06-12
CVE-2024-9663 - Before 2 Plugin
The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Before 2
CVE-2024-9663
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2025-0329 - Ai Chatbot For Wordpress Plugin
The AI ChatBot for WordPress WordPress plugin before 6.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Ai Chatbot For Wordpress
CVE-2025-0329
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-9882 - Small Businesses Plugin
The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Small Businesses
CVE-2024-9882
Risk Score
Threat Entry
Updated 2026-01-23
CVE-2024-9450 - Restaurants And Car Rentals Plugin
The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in subscriber change them via a CSRF attack
PLUGIN
Restaurants And Car Rentals
CVE-2024-9450
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-9662 - Before 2 Plugin
The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Before 2
CVE-2024-9662
Risk Score
Threat Entry
Updated 2025-06-04
CVE-2024-9645 - Post Masonry Plugin
The Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry WordPress plugin before 2.2.93 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
PLUGIN
Post Masonry
CVE-2024-9645
Risk Score
Threat Entry
Updated 2025-06-04
CVE-2024-9599 - Before 4 Plugin
The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Before 4
CVE-2024-9599
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-9238 - Avif Uploader Plugin
The AVIF Uploader WordPress plugin before 1.1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
PLUGIN
Avif Uploader
CVE-2024-9238
Risk Score
Threat Entry
Updated 2025-06-04
CVE-2024-8854 - Before 1 Plugin
The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multi site setup).
PLUGIN
Before 1
CVE-2024-8854
Risk Score
Threat Entry
Updated 2025-06-04
CVE-2024-9390 - Before 6 Plugin
The RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Before 6
CVE-2024-9390
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-9236 - Before 4 Plugin
The Team WordPress plugin before 4.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Before 4
CVE-2024-9236
Risk Score
Threat Entry
Updated 2025-06-05
CVE-2024-9227 - Powerpress Podcasting Plugin By Blubrry
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
PLUGIN
Powerpress Podcasting Plugin By Blubrry
CVE-2024-9227
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-9182 - Before 2 Plugin
The Maspik WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
PLUGIN
Before 2
CVE-2024-9182
Risk Score
Threat Entry
Updated 2025-06-04
CVE-2024-9233 - Before 3 Plugin
The Logo Slider WordPress plugin before 3.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Before 3
CVE-2024-9233
Risk Score
Threat Entry
Updated 2025-05-28
CVE-2024-8703 - Before 1 Plugin
The Z-Downloads WordPress plugin before 1.11.6 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks when accessing share URLs.
PLUGIN
Before 1
CVE-2024-8703
Risk Score
Threat Entry
Updated 2025-06-04
CVE-2024-8851 - Before 1 Plugin
The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multi site setup).
PLUGIN
Before 1
CVE-2024-8851
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-8759 - Nested Pages Plugin
The Nested Pages WordPress plugin before 3.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Nested Pages
CVE-2024-8759
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-8702 - Backup Database Plugin
The Backup Database WordPress plugin through 4.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Backup Database
CVE-2024-8702
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-8701 - Events Calendar Plugin
The events-calendar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Events Calendar
CVE-2024-8701
Risk Score
Threat Entry
Updated 2025-06-04
CVE-2024-8670 - Photo Gallery By 10web Plugin
The Photo Gallery by 10Web WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Photo Gallery By 10web
CVE-2024-8670
Risk Score