
"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866
Critical: 0
High: 0
Medium: 10,866
Showing 4801-4820 of 10866 records
Threat Entry Updated 2024-12-14

CVE-2024-11883 - Connatix Video Embed Plugin

The Connatix Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cnx_script_code' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Connatix Video Embed

CVE-2024-11883

MEDIUM CVSS 6.4 2024-12-14
Threat Entry Updated 2024-12-14

CVE-2024-11877 - Cricket Score Plugin

The Cricket Live Score plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cricket_score' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Cricket Score

CVE-2024-11877

MEDIUM CVSS 6.4 2024-12-14
Threat Entry Updated 2024-12-14

CVE-2024-11876 - Kredeum Nfts Plugin

The Kredeum NFTs, the easiest way to sell your NFTs directly on your WordPress site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kredeum_opensky' shortcode in all versions up to, and including, 1.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Kredeum Nfts

CVE-2024-11876

MEDIUM CVSS 6.4 2024-12-14
Threat Entry Updated 2024-12-14

CVE-2024-11873 - Glomex Oembed Plugin

The glomex oEmbed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glomex_integration' shortcode in all versions up to, and including, 0.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Glomex Oembed

CVE-2024-11873

MEDIUM CVSS 6.4 2024-12-14
Threat Entry Updated 2024-12-14

CVE-2024-11869 - Buk Appointments Plugin

The Buk for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buk' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Buk Appointments

CVE-2024-11869

MEDIUM CVSS 6.4 2024-12-14
Threat Entry Updated 2024-12-14

CVE-2024-11867 - Companion Portfolio Plugin

The Companion Portfolio – Responsive Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'companion-portfolio' shortcode in all versions up to, and including, 2.4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Companion Portfolio

CVE-2024-11867

MEDIUM CVSS 6.4 2024-12-14
Threat Entry Updated 2024-12-14

CVE-2024-11865 - Tabs Maker Plugin

The Tabs Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on tab descriptions. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Tabs Maker

CVE-2024-11865

MEDIUM CVSS 6.4 2024-12-14
Threat Entry Updated 2024-12-14

CVE-2024-11855 - Koalendar Free Booking Widget Plugin

The Koalendar – Events & Appointments Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘height’ parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Koalendar Free Booking Widget

CVE-2024-11855

MEDIUM CVSS 6.4 2024-12-14
Threat Entry Updated 2024-12-14

CVE-2024-11770 - Post Types Carousel Slider Plugin

The Post Carousel & Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-cs' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Post Types Carousel Slider

CVE-2024-11770

MEDIUM CVSS 6.4 2024-12-14
Threat Entry Updated 2024-12-14

CVE-2024-11763 - Plezi Plugin

The Plezi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'plezi' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Plezi

CVE-2024-11763

MEDIUM CVSS 6.4 2024-12-14
Threat Entry Updated 2024-12-14

CVE-2024-11759 - Bukza Plugin

The Bukza plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bukza' shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Bukza

CVE-2024-11759

MEDIUM CVSS 6.4 2024-12-14
Threat Entry Updated 2024-12-14

CVE-2024-11755 - Ims Countdown Plugin

The IMS Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown post settings in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Ims Countdown

CVE-2024-11755

MEDIUM CVSS 6.4 2024-12-14
Threat Entry Updated 2024-12-14

CVE-2024-11751 - Tcbd Popover Plugin

The TCBD Popover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbd-popover-image ' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Tcbd Popover

CVE-2024-11751

MEDIUM CVSS 6.4 2024-12-14
Threat Entry Updated 2024-12-14

CVE-2024-11095 - Visualmodo Elements Plugin

The Visualmodo Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

PLUGIN Visualmodo Elements

CVE-2024-11095

MEDIUM CVSS 6.4 2024-12-14
Threat Entry Updated 2024-12-14

CVE-2024-11462 - Filestack Upload Plugin

The Filestack Official plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'fstab' and 'filestack_options' parameters in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Filestack Upload

CVE-2024-11462

MEDIUM CVSS 6.1 2024-12-14
Threat Entry Updated 2024-12-13

CVE-2024-54326 - WordPress Core

Missing Authorization vulnerability in Eyal Fitoussi GEO my WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GEO my WordPress: from n/a through 4.5.0.4.

CORE WordPress Core

CVE-2024-54326

MEDIUM CVSS 6.5 2024-12-13
Threat Entry Updated 2024-12-13

CVE-2024-54321 - WordPress Core

Cross-Site Request Forgery (CSRF) vulnerability in Hive Support Hive Support – WordPress Help Desk allows Cross Site Request Forgery. This issue affects Hive Support – WordPress Help Desk: from n/a through 1.1.2.

CORE WordPress Core

CVE-2024-54321

MEDIUM CVSS 4.3 2024-12-13
Threat Entry Updated 2024-12-13

CVE-2024-54272 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Radius Blocks – WordPress Gutenberg Blocks allows Stored XSS. This issue affects Radius Blocks – WordPress Gutenberg Blocks: from n/a through 2.1.2.

CORE WordPress Core

CVE-2024-54272

MEDIUM CVSS 6.5 2024-12-13
Threat Entry Updated 2024-12-13

CVE-2023-41951 - rtMedia for WordPress, BuddyPress and bbPress Plugin

Missing Authorization vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through 4.6.14.

PLUGIN rtMedia for WordPress, BuddyPress and bbPress

CVE-2023-41951

MEDIUM CVSS 4.3 2024-12-13
Threat Entry Updated 2024-12-13

CVE-2023-33928 - WordPress Backup & Migration Plugin

Missing Authorization vulnerability in WebToffee WordPress Backup & Migration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Backup & Migration: from n/a through 1.4.0.

PLUGIN WordPress Backup & Migration

CVE-2023-33928

MEDIUM CVSS 4.3 2024-12-13