Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Showing 3421-3440 of 10866 records
Threat Entry Updated 2025-06-11

CVE-2024-12726 - ClipArt Plugin

The ClipArt WordPress plugin through 0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN ClipArt

CVE-2024-12726

MEDIUM CVSS 6.1 2025-05-15
Threat Entry Updated 2025-06-11

CVE-2024-12725 - Clasify Classified Listing Plugin

The Clasify Classified Listing WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Clasify Classified Listing

CVE-2024-12725

MEDIUM CVSS 6.1 2025-05-15
Threat Entry Updated 2025-06-11

CVE-2024-12724 - WP DeskLite Plugin

The WP DeskLite WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN WP DeskLite

CVE-2024-12724

MEDIUM CVSS 6.1 2025-05-15
Threat Entry Updated 2025-06-11

CVE-2024-12722 - Twitter Bootstrap Collapse Aka Accordian Shortcode Plugin

The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Twitter Bootstrap Collapse Aka Accordian Shortcode

CVE-2024-12722

MEDIUM CVSS 5.4 2025-05-15
Threat Entry Updated 2025-06-11

CVE-2024-12739 - Mobile Contact Bar Plugin

The Mobile Contact Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Mobile Contact Bar

CVE-2024-12739

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-11

CVE-2024-12716 - Simple Basic Contact Form Plugin

The Simple Basic Contact Form WordPress plugin before 20250114 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Simple Basic Contact Form

CVE-2024-12716

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-05-28

CVE-2024-12680 - Prisna GWT Plugin

The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Prisna GWT

CVE-2024-12680

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-09

CVE-2024-12301 - Jsp Store Locator Plugin

The JSP Store Locator WordPress plugin through 1.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.

PLUGIN Jsp Store Locator

CVE-2024-12301

MEDIUM CVSS 6.5 2025-05-15
Threat Entry Updated 2025-06-09

CVE-2024-12282 - WordPress连接微博 Plugin

The WordPress连接微博 WordPress plugin through 2.5.6 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged in admin add Stored XSS payloads via a CSRF attack.

PLUGIN WordPress连接微博

CVE-2024-12282

MEDIUM CVSS 6.1 2025-05-15
Threat Entry Updated 2025-06-09

CVE-2024-11719 - Tarteaucitron Wp Plugin

The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Tarteaucitron Wp

CVE-2024-11719

MEDIUM CVSS 6.1 2025-05-15
Threat Entry Updated 2025-06-09

CVE-2024-11718 - Tarteaucitron Wp Plugin

The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Tarteaucitron Wp

CVE-2024-11718

MEDIUM CVSS 5.4 2025-05-15
Threat Entry Updated 2025-06-09

CVE-2024-11502 - Planning Center Online Giving Plugin

The Planning Center Online Giving WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Planning Center Online Giving

CVE-2024-11502

MEDIUM CVSS 5.4 2025-05-15
Threat Entry Updated 2025-05-28

CVE-2024-12679 - Prisna GWT Plugin

The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Prisna GWT

CVE-2024-12679

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-09

CVE-2024-11843 - Panorama Plugin

The Panorama WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Panorama

CVE-2024-11843

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-09

CVE-2024-11373 - Connexion Logs Plugin

The Connexion Logs WordPress plugin through 3.0.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

PLUGIN Connexion Logs

CVE-2024-11373

MEDIUM CVSS 4.3 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-11141 - Sailthru Triggermail Plugin

The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection, which could allow subscribers to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Sailthru Triggermail

CVE-2024-11141

MEDIUM CVSS 6.1 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-11266 - Geocache Stat Bar Widget Plugin

The Geocache Stat Bar Widget WordPress plugin through 0.911 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Geocache Stat Bar Widget

CVE-2024-11266

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-11221 - Background Image Slideshow Plugin

The Full Screen (Page) Background Image Slideshow WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Background Image Slideshow

CVE-2024-11221

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-11190 - Jwp A11y Plugin

The jwp-a11y WordPress plugin through 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Jwp A11y

CVE-2024-11190

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-09

CVE-2024-11189 - Social Share And Social Locker Plugin

The Social Share And Social Locker WordPress plugin before 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Social Share And Social Locker

CVE-2024-11189

MEDIUM CVSS 4.8 2025-05-15