"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866
Critical: 0
High: 0
Medium: 10,866
Showing 5041-5060 of 10866 records
Threat Entry Updated 2025-02-10

CVE-2024-52478 - Jobify Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ben Marshall Jobify - Job Board WordPress Theme allows Stored XSS. This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3.

PLUGIN Jobify

CVE-2024-52478

MEDIUM CVSS 6.5 2024-12-02
Threat Entry Updated 2025-02-10

CVE-2024-52479 - Jobify Plugin

Cross-Site Request Forgery (CSRF) vulnerability in Ben Marshall Jobify - Job Board WordPress Theme allows Cross Site Request Forgery. This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3.

PLUGIN Jobify

CVE-2024-52479

MEDIUM CVSS 4.3 2024-12-02
Threat Entry Updated 2024-11-30

CVE-2024-53788 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portfoliohub WordPress Portfolio Builder – Portfolio Gallery allows Stored XSS. This issue affects WordPress Portfolio Builder – Portfolio Gallery: from n/a through 1.1.7.

CORE WordPress Core

CVE-2024-53788

MEDIUM CVSS 5.9 2024-11-30
Threat Entry Updated 2025-07-09

CVE-2024-11252 - Sassy Social Share Plugin

The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.69 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Sassy Social Share

CVE-2024-11252

MEDIUM CVSS 6.1 2024-11-30
Threat Entry Updated 2025-05-07

CVE-2024-10980 - Before 5 Plugin

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its Cookie Consent block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 5

CVE-2024-10980

MEDIUM CVSS 5.4 2024-11-29
Threat Entry Updated 2025-05-07

CVE-2024-10704 - Photo Gallery By 10web Plugin

The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Photo Gallery By 10web

CVE-2024-10704

MEDIUM CVSS 4.8 2024-11-29
Threat Entry Updated 2025-07-15

CVE-2024-7747 - Terawallet Plugin

The Wallet for WooCommerce plugin for WordPress is vulnerable to incorrect conversion between numeric types in all versions up to, and including, 1.5.6. This is due to a numerical logic flaw when transferring funds to another user. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create funds during a transfer and distribute these funds to any number of other users or their own account, rendering products free. Attackers could also request to withdraw funds if the Wallet Withdrawal extension is used and the request is…

PLUGIN Terawallet

CVE-2024-7747

MEDIUM CVSS 6.5 2024-11-28
Threat Entry Updated 2025-03-04

CVE-2024-10798 - Royal Elementor Addons Plugin

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1003 via the 'wpr-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created via Elementor that they should not have access to.

PLUGIN Royal Elementor Addons

CVE-2024-10798

MEDIUM CVSS 4.3 2024-11-28
Threat Entry Updated 2025-07-14

CVE-2024-10780 - Restaurant Cafe Addon For Elementor Plugin

The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.9 via the 'narestaurant_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.

PLUGIN Restaurant Cafe Addon For Elementor

CVE-2024-10780

MEDIUM CVSS 4.3 2024-11-28
Threat Entry Updated 2025-04-11

CVE-2024-10670 - Primary Addon For Elementor Plugin

The Primary Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.2 via the [prim_elementor_template] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created with Elementor that they should not have access to.

PLUGIN Primary Addon For Elementor

CVE-2024-10670

MEDIUM CVSS 4.3 2024-11-28
Threat Entry Updated 2024-11-28

CVE-2024-11788 - Streamweasels Youtube Integration Plugin

The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sw-youtube-embed' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Streamweasels Youtube Integration

CVE-2024-11788

MEDIUM CVSS 6.4 2024-11-28
Threat Entry Updated 2024-11-28

CVE-2024-11786 - Login With Vipps Plugin

The Login with Vipps and MobilePay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'continue-with-vipps' shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Login With Vipps

CVE-2024-11786

MEDIUM CVSS 6.4 2024-11-28
Threat Entry Updated 2024-11-28

CVE-2024-11761 - Legalweb Cloud Plugin

The LegalWeb Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'legalweb-popup' shortcode in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Legalweb Cloud

CVE-2024-11761

MEDIUM CVSS 6.4 2024-11-28
Threat Entry Updated 2024-11-28

CVE-2024-11431 - Ragic Shortcode Plugin

The Ragic Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ragic' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Ragic Shortcode

CVE-2024-11431

MEDIUM CVSS 6.4 2024-11-28
Threat Entry Updated 2024-11-28

CVE-2024-11333 - Hls Player Plugin

The HLS Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hls_player' shortcode in all versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Hls Player

CVE-2024-11333

MEDIUM CVSS 6.4 2024-11-28
Threat Entry Updated 2025-04-11

CVE-2024-11203 - Embedpress Plugin

The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'provider_name' parameter in all versions up to, and including, 4.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Embedpress

CVE-2024-11203

MEDIUM CVSS 6.4 2024-11-28
Threat Entry Updated 2025-07-16

CVE-2024-11685 - Kudos Donations Plugin

The `Kudos Donations – Easy donations and payments with Mollie` plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of `add_query_arg` without appropriate escaping on the URL in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute if they can successfully trick a user into performing an action, such as clicking on a specially crafted link.

PLUGIN Kudos Donations

CVE-2024-11685

MEDIUM CVSS 6.1 2024-11-28
Threat Entry Updated 2025-07-14

CVE-2024-11684 - Kudos Donations Plugin

The Kudos Donations – Easy donations and payments with Mollie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Kudos Donations

CVE-2024-11684

MEDIUM CVSS 6.1 2024-11-28
Threat Entry Updated 2024-11-28

CVE-2024-11458 - Faq Builder Ays Plugin

The FAQ Builder AYS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ays_faq_tab' parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Faq Builder Ays

CVE-2024-11458

MEDIUM CVSS 6.1 2024-11-28
Threat Entry Updated 2024-11-28

CVE-2024-11366 - Seo Landing Page Generator Plugin

The SEO Landing Page Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.66.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Seo Landing Page Generator

CVE-2024-11366

MEDIUM CVSS 6.1 2024-11-28