
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866
Critical: 0
High: 0
Medium: 10,866
Showing 3381-3400 of 10866 records
Threat Entry Updated 2025-06-11

CVE-2024-6478 - Ctt Expresso Para Woocommerce Plugin

The CTT Expresso para WooCommerce WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Ctt Expresso Para Woocommerce

CVE-2024-6478

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-11

CVE-2024-6462 - Dl Yandex Metrika Plugin

The DL Yandex Metrika WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Dl Yandex Metrika

CVE-2024-6462

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-11-13

CVE-2024-4665 - Before 3 Plugin

The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce.

PLUGIN Before 3

CVE-2024-4665

MEDIUM CVSS 6.4 2025-05-15
Threat Entry Updated 2025-06-11

CVE-2024-5440 - If So Dynamic Content Personalization Plugin

The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN If So Dynamic Content Personalization

CVE-2024-5440

MEDIUM CVSS 5.4 2025-05-15
Threat Entry Updated 2025-06-11

CVE-2024-6335 - Tracking Code Manager Plugin

The Tracking Code Manager WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Tracking Code Manager

CVE-2024-6335

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-10

CVE-2024-5026 - Cm Tooltip Glossary Plugin

The CM Tooltip Glossary WordPress plugin before 4.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Cm Tooltip Glossary

CVE-2024-5026

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-11-13

CVE-2024-3901 - Genesis Blocks Plugin

The Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts (like those with the contributor role) to conduct Stored XSS attacks.

PLUGIN Genesis Blocks

CVE-2024-3901

MEDIUM CVSS 6.8 2025-05-15
Threat Entry Updated 2025-06-10

CVE-2024-3062 - Save As Image Plugin By Pdfcrowd

The Save as Image Plugin by Pdfcrowd WordPress plugin before 3.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Save As Image Plugin By Pdfcrowd

CVE-2024-3062

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-05

CVE-2024-2869 - Easy Property Listings Plugin

The Easy Property Listings WordPress plugin before 3.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Easy Property Listings

CVE-2024-2869

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-11

CVE-2024-2643 - And Sticky Header For Any Plugin

The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.6.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN And Sticky Header For Any

CVE-2024-2643

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-11

CVE-2024-1663 - Ultimate Noindex Nofollow Tool Ii Plugin

The Ultimate Noindex Nofollow Tool II WordPress plugin before 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Ultimate Noindex Nofollow Tool Ii

CVE-2024-1663

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-11

CVE-2024-13865 - Through 4 Plugin

The S3Player WordPress plugin through 4.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.

PLUGIN Through 4

CVE-2024-13865

MEDIUM CVSS 6.1 2025-05-15
Threat Entry Updated 2025-06-10

CVE-2024-13828 - Through 1 Plugin

The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Through 1

CVE-2024-13828

MEDIUM CVSS 6.1 2025-05-15
Threat Entry Updated 2025-06-10

CVE-2024-13823 - 360 Product Rotation Plugin

The 360 Product Rotation WordPress plugin through 1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.

PLUGIN 360 Product Rotation

CVE-2024-13823

MEDIUM CVSS 6.1 2025-05-15
Threat Entry Updated 2025-05-23

CVE-2024-13730 - Podlove Podcast Publisher Plugin

The Podlove Podcast Publisher WordPress plugin before 4.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Podlove Podcast Publisher

CVE-2024-13730

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-10

CVE-2024-13727 - Before 2 Plugin

The MemberSpace WordPress plugin before 2.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.

PLUGIN Before 2

CVE-2024-13727

MEDIUM CVSS 6.1 2025-05-15
Threat Entry Updated 2025-06-10

CVE-2024-13619 - Before 8 Plugin

The LifterLMS WordPress plugin before 8.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Before 8

CVE-2024-13619

MEDIUM CVSS 6.1 2025-05-15
Threat Entry Updated 2025-05-23

CVE-2024-13729 - Podlove Podcast Publisher Plugin

The Podlove Podcast Publisher WordPress plugin before 4.1.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Podlove Podcast Publisher

CVE-2024-13729

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-10

CVE-2024-13621 - Gdpr Framework By Data443 Plugin

The GDPR Framework By Data443 WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Gdpr Framework By Data443

CVE-2024-13621

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-10

CVE-2024-13616 - Before 1 Plugin

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 1

CVE-2024-13616

MEDIUM CVSS 4.8 2025-05-15