Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total10,866
Critical0
High0
Medium10,866
Reset
Showing 3441-3460 of 10866 records
Threat Entry Updated 2025-06-09

CVE-2024-10631 - Countdown Timer For Wordpress Block Editor Plugin

The Countdown Timer for WordPress Block Editor WordPress plugin through 1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Countdown Timer For Wordpress Block Editor

CVE-2024-10631

MEDIUM CVSS 6.5 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-12

CVE-2024-10818 - Jsfiddle Shortcode Plugin

The JSFiddle Shortcode WordPress plugin before 1.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Jsfiddle Shortcode

CVE-2024-10818

MEDIUM CVSS 5.4 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-04

CVE-2024-10504 - Popup Form Builder Plugin

The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.

PLUGIN Popup Form Builder

CVE-2024-10504

MEDIUM CVSS 5.4 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-04

CVE-2024-11109 - Wp Google Review Slider Plugin

The WP Google Review Slider WordPress plugin before 15.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Wp Google Review Slider

CVE-2024-11109

MEDIUM CVSS 4.8 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-12

CVE-2024-10639 - Auto Prune Posts Plugin

The Auto Prune Posts WordPress plugin before 3.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Auto Prune Posts

CVE-2024-10639

MEDIUM CVSS 4.8 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-09

CVE-2024-10632 - Nokaut Offers Box Plugin

The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Nokaut Offers Box

CVE-2024-10632

MEDIUM CVSS 4.8 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-09

CVE-2024-10475 - Lead Generation Plugin

The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin before 1.9.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Lead Generation

CVE-2024-10475

MEDIUM CVSS 4.8 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-09

CVE-2024-10362 - Social Sharing Icons Plugin

The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.9.1 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Social Sharing Icons

CVE-2024-10362

MEDIUM CVSS 4.8 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-09

CVE-2024-10149 - Social Slider Feed Plugin

The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Social Slider Feed

CVE-2024-10149

MEDIUM CVSS 4.8 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-12

CVE-2024-10677 - Through 2 Plugin

The BTEV WordPress plugin through 2.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

PLUGIN Through 2

CVE-2024-10677

MEDIUM CVSS 4.3 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-09

CVE-2024-10634 - Nokaut Offers Box Plugin

The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack

PLUGIN Nokaut Offers Box

CVE-2024-10634

MEDIUM CVSS 4.3 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-04

CVE-2024-10076 - Jetpack Boost Plugin

The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldn’t, ultimately making it possible for contributor and above users to perform Stored XSS attacks

PLUGIN Jetpack Boost

CVE-2024-10076

MEDIUM CVSS 5.9 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-04

CVE-2024-10075 - Before 13 Plugin

The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block.

PLUGIN Before 13

CVE-2024-10075

MEDIUM CVSS 5.6 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-04

CVE-2024-10145 - Before 1 Plugin

The Hubbub Lite WordPress plugin before 1.34.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 1

CVE-2024-10145

MEDIUM CVSS 4.8 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-04

CVE-2024-10144 - Slider In Rbs Image Gallery Plugin

The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Slider In Rbs Image Gallery

CVE-2024-10144

MEDIUM CVSS 4.8 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-12

CVE-2024-10143 - Custom Taxonomies Plugin

The MB Custom Post Types & Custom Taxonomies WordPress plugin before 2.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Custom Taxonomies

CVE-2024-10143

MEDIUM CVSS 4.8 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-04

CVE-2024-10107 - Giveaways And Contests By Rafflepress Plugin

The Giveaways and Contests by RafflePress WordPress plugin before 1.12.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Giveaways And Contests By Rafflepress

CVE-2024-10107

MEDIUM CVSS 4.8 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-04

CVE-2024-10054 - Before 1 Plugin

The Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 1

CVE-2024-10054

MEDIUM CVSS 4.8 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-06-11

CVE-2024-10009 - Melapress File Monitor Plugin

The Melapress File Monitor WordPress plugin before 2.1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

PLUGIN Melapress File Monitor

CVE-2024-10009

MEDIUM CVSS 4.1 2025-05-15
Open Full Technical Breakdown
Scroll to top