Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866
Critical: 0
High: 0
Medium: 10,866
Showing 5341-5360 of 10866 records
Threat Entry Updated 2024-11-01

CVE-2024-43270 - WordPress Core

Missing Authorization vulnerability in WPBackItUp Backup and Restore WordPress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Backup and Restore WordPress: from n/a through 1.50.

CORE WordPress Core

CVE-2024-43270

MEDIUM CVSS 5.3 2024-11-01
Threat Entry Updated 2025-04-11

CVE-2024-39639 - Wordpress File Upload Plugin

Broken Access Control vulnerability in Nickolas Bossinas WordPress File Upload allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress File Upload: from n/a through 4.24.7.

PLUGIN Wordpress File Upload

CVE-2024-39639

MEDIUM CVSS 4.3 2024-11-01
Threat Entry Updated 2024-11-01

CVE-2024-38792 - WordPress Core

Missing Authorization vulnerability in ConveyThis Translate Team Language Translate Widget for WordPress – ConveyThis allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Language Translate Widget for WordPress – ConveyThis: from n/a through 234.

CORE WordPress Core

CVE-2024-38792

MEDIUM CVSS 5.3 2024-11-01
Threat Entry Updated 2024-11-01

CVE-2024-38690 - WordPress Core

Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.3.

CORE WordPress Core

CVE-2024-38690

MEDIUM CVSS 5.3 2024-11-01
Threat Entry Updated 2024-11-01

CVE-2024-37226 - WordPress Core

Missing Authorization vulnerability in Kanban for WordPress Kanban Boards for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Kanban Boards for WordPress: from n/a through 2.5.21.

CORE WordPress Core

CVE-2024-37226

MEDIUM CVSS 5.3 2024-11-01
Threat Entry Updated 2024-11-01

CVE-2024-37218 - WordPress Core

Missing Authorization vulnerability in WordPress Page Builder Sandwich Team Page Builder Sandwich – Front-End Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Page Builder Sandwich – Front-End Page Builder: from n/a through 5.1.0.

CORE WordPress Core

CVE-2024-37218

MEDIUM CVSS 4.3 2024-11-01
Threat Entry Updated 2024-11-01

CVE-2024-10367 - Otter Blocks Plugin

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

PLUGIN Otter Blocks

CVE-2024-10367

MEDIUM CVSS 6.4 2024-11-01
Threat Entry Updated 2024-11-01

CVE-2024-10232 - Atomchat Plugin

The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atomchat shortcode in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Atomchat

CVE-2024-10232

MEDIUM CVSS 6.4 2024-11-01
Threat Entry Updated 2025-02-07

CVE-2024-9655 - Gutenberg Blocks With Ai Plugin

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Gutenberg Blocks With Ai

CVE-2024-9655

MEDIUM CVSS 6.4 2024-11-01
Threat Entry Updated 2024-11-01

CVE-2024-7424 - Multiple Pages Generator By Porthas Plugin

The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to unauthorized modification of and access to data due to a missing capability check on several functions in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke those functions intended for admin use, resulting in subscribers being able to upload CSV files and view the contents of MPG projects.

PLUGIN Multiple Pages Generator By Porthas

CVE-2024-7424

MEDIUM CVSS 5.4 2024-11-01
Threat Entry Updated 2025-07-11

CVE-2024-6479 - Sip Reviews Shortcode For Woocommerce Plugin

The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'no_of_reviews' attribute in the woocommerce_reviews shortcode in all versions up to, and including, 1.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

PLUGIN Sip Reviews Shortcode For Woocommerce

CVE-2024-6479

MEDIUM CVSS 6.5 2024-10-31
Threat Entry Updated 2025-07-11

CVE-2024-6480 - Sip Reviews Shortcode For Woocommerce Plugin

The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'no_of_reviews' attribute in the woocommerce_reviews shortcode in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Sip Reviews Shortcode For Woocommerce

CVE-2024-6480

MEDIUM CVSS 6.4 2024-10-31
Threat Entry Updated 2024-11-01

CVE-2024-9446 - Wp Simple Anchors Links Plugin

The WP Simple Anchors Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpanchor shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Wp Simple Anchors Links

CVE-2024-9446

MEDIUM CVSS 6.4 2024-10-31
Threat Entry Updated 2024-11-01

CVE-2024-9434 - Wpglobus Translate Options Plugin

The WPGlobus Translate Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the on__translate_options_page() function. This makes it possible for unauthenticated attackers to inject malicious web scripts and update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Wpglobus Translate Options

CVE-2024-9434

MEDIUM CVSS 6.1 2024-10-31
Threat Entry Updated 2024-11-01

CVE-2024-9430 - Get A Quote For Woocommerce Plugin

The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access of Quote data due to a missing capability check on the ct_tepfw_wp_loaded function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to download Quote PDF and CSV documents.

PLUGIN Get A Quote For Woocommerce

CVE-2024-9430

MEDIUM CVSS 5.3 2024-10-31
Threat Entry Updated 2024-11-01

CVE-2024-9165 - Gift Voucher Plugin

The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

PLUGIN Gift Voucher

CVE-2024-9165

MEDIUM CVSS 6.4 2024-10-31
Threat Entry Updated 2024-11-25

CVE-2024-9700 - Forminator Forms Plugin

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submit_quizzes() function due to missing validation on the 'entry_id' user-controlled key. This makes it possible for unauthenticated attackers to modify other users' quiz submissions.

PLUGIN Forminator Forms

CVE-2024-9700

MEDIUM CVSS 5.3 2024-10-31
Threat Entry Updated 2024-11-25

CVE-2024-9708 - Easy Svg Upload Plugin

The Easy SVG Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

PLUGIN Easy Svg Upload

CVE-2024-9708

MEDIUM CVSS 6.4 2024-10-31
Threat Entry Updated 2024-11-01

CVE-2024-10544 - Woo Manage Fraud Orders Plugin

The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.1.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files.

PLUGIN Woo Manage Fraud Orders

CVE-2024-10544

MEDIUM CVSS 5.3 2024-10-31
Threat Entry Updated 2025-03-24

CVE-2024-9388 - Black Widgets For Elementor Plugin

The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

PLUGIN Black Widgets For Elementor

CVE-2024-9388

MEDIUM CVSS 6.4 2024-10-30