Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866 | Critical: 0 | High: 0 | Medium: 10,866
Showing 3341-3360 of 10866 records
Threat Entry Updated 2025-06-04

CVE-2024-8620 - MapPress Maps for WordPress Plugin

The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN MapPress Maps for WordPress

CVE-2024-8620

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-04

CVE-2024-8619 - Ajax Search Lite Plugin

The Ajax Search Lite WordPress plugin before 4.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Ajax Search Lite

CVE-2024-8619

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-05-27

CVE-2024-8618 - Page Builder: Pagelayer Plugin

The Page Builder: Pagelayer WordPress plugin before 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Page Builder: Pagelayer

CVE-2024-8618

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-8286 - Webtoffee Gdpr Cookie Consent Plugin

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting visit logs, via CSRF attacks.

PLUGIN Webtoffee Gdpr Cookie Consent

CVE-2024-8286

MEDIUM CVSS 6.5 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-8397 - Webtoffee Gdpr Cookie Consent Plugin

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Consent report' page and the malicious script is executed in the admin context.

PLUGIN Webtoffee Gdpr Cookie Consent

CVE-2024-8397

MEDIUM CVSS 5.4 2025-05-15
Threat Entry Updated 2025-06-04

CVE-2024-8617 - Quiz Maker Plugin

The Quiz Maker WordPress plugin before 6.5.9.9 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Quiz Maker

CVE-2024-8617

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-04

CVE-2024-8542 - Everest Forms Plugin

The Everest Forms WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Everest Forms

CVE-2024-8542

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-04

CVE-2024-8493 - Events Calendar Plugin

The Events Calendar WordPress plugin before 6.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Events Calendar

CVE-2024-8493

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-8492 - Hustle Plugin

The Hustle WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

PLUGIN Hustle

CVE-2024-8492

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-05-27

CVE-2024-8426 - Page Builder: Pagelayer Plugin

The Page Builder: Pagelayer WordPress plugin before 1.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

PLUGIN Page Builder: Pagelayer

CVE-2024-8426

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-8284 - Download Manager Plugin

The Download Manager WordPress plugin before 3.2.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

PLUGIN Download Manager

CVE-2024-8284

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-05-27

CVE-2024-8187 - Smart Post Show Plugin

The Smart Post Show WordPress plugin before 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Smart Post Show

CVE-2024-8187

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-8398 - Simple Nav Archives Plugin

The Simple Nav Archives WordPress plugin through 2.1.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN Simple Nav Archives

CVE-2024-8398

MEDIUM CVSS 4.3 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-8245 - GamiPress Plugin

The GamiPress WordPress plugin before 1.0.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN GamiPress

CVE-2024-8245

MEDIUM CVSS 4.3 2025-05-15
Threat Entry Updated 2025-05-27

CVE-2024-8094 - Ntz Antispam Plugin

The Ntz Antispam WordPress plugin through 2.0e does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN Ntz Antispam

CVE-2024-8094

MEDIUM CVSS 6.5 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-8031 - Secure Downloads Plugin

The Secure Downloads WordPress plugin before 1.2.3 does not properly restrict which files can be downloaded. This makes it possible for authenticated attackers, with admin-level access and above, to download arbitrary files that may contain sensitive information like wp-config.php.

PLUGIN Secure Downloads

CVE-2024-8031

MEDIUM CVSS 6.5 2025-05-15
Threat Entry Updated 2025-05-27

CVE-2024-8095 - BabelZ Plugin

The BabelZ WordPress plugin through 1.1.5 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN BabelZ

CVE-2024-8095

MEDIUM CVSS 6.1 2025-05-15
Threat Entry Updated 2025-05-27

CVE-2024-8090 - Javascript Logic Plugin

The JavaScript Logic WordPress plugin through 0.1 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Javascript Logic

CVE-2024-8090

MEDIUM CVSS 6.1 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-8085 - PeoplePond Plugin

The PeoplePond WordPress plugin through 1.1.9 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN PeoplePond

CVE-2024-8085

MEDIUM CVSS 6.1 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-8032 - Smooth Gallery Replacement Plugin

The Smooth Gallery Replacement WordPress plugin through 1.0 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Smooth Gallery Replacement

CVE-2024-8032

MEDIUM CVSS 6.1 2025-05-15