Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2024-10-15
CVE-2024-9685 - Notification For Telegram Plugin
The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nftb_test_action' function in versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send a test message via the Telegram Bot API to all users configured in the settings.
PLUGIN
Notification For Telegram
CVE-2024-9685
Risk Score
Threat Entry
Updated 2024-10-15
CVE-2024-9457 - Wp Builder Plugin
The WP Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
PLUGIN
Wp Builder
CVE-2024-9457
Risk Score
Threat Entry
Updated 2024-10-15
CVE-2024-9377 - Products Order Customers Export For Woocommerce Plugin
The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.15. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
PLUGIN
Products Order Customers Export For Woocommerce
CVE-2024-9377
Risk Score
Threat Entry
Updated 2024-10-15
CVE-2024-9072 - Consent Manager Plugin
The GDPR-Extensions-com – Consent Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
PLUGIN
Consent Manager
CVE-2024-9072
Risk Score
Threat Entry
Updated 2024-10-15
CVE-2024-9066 - Marketing And Seo Booster Plugin
The Marketing and SEO Booster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
PLUGIN
Marketing And Seo Booster
CVE-2024-9066
Risk Score
Threat Entry
Updated 2024-10-15
CVE-2024-9064 - Elementor Inline Svg Plugin
The Elementor Inline SVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
PLUGIN
Elementor Inline Svg
CVE-2024-9064
Risk Score
Threat Entry
Updated 2024-10-15
CVE-2024-9205 - Maximum Products Per User For Woocommerce Plugin
The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
PLUGIN
Maximum Products Per User For Woocommerce
CVE-2024-9205
Risk Score
Threat Entry
Updated 2024-10-15
CVE-2024-9065 - Wp Helper Premium Plugin
The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whp_smtp_send_mail_test' function in all versions up to, and including, 4.6.1. This makes it possible for unauthenticated attackers to send emails containing any content and originating from the vulnerable WordPress instance to any recipient.
PLUGIN
Wp Helper Premium
CVE-2024-9065
Risk Score
Threat Entry
Updated 2024-10-15
CVE-2024-9057 - Curator Io Plugin
The Curator.io: Show all your social media posts in a beautiful feed. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘feed_id’ attribute in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Curator Io
CVE-2024-9057
Risk Score
Threat Entry
Updated 2024-10-15
CVE-2024-8987 - Youzify Plugin
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youzify_media shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Youzify
CVE-2024-8987
Risk Score
Threat Entry
Updated 2024-10-15
CVE-2024-8729 - Easy Social Share Buttons Plugin
The Easy Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
PLUGIN
Easy Social Share Buttons
CVE-2024-8729
Risk Score
Threat Entry
Updated 2024-10-15
CVE-2024-8513 - Qa Analytics Plugin
The QA Analytics – Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_save_plugin_config() function in all versions up to, and including, 4.1.0.0. This makes it possible for unauthenticated attackers to update the plugin's settings.
PLUGIN
Qa Analytics
CVE-2024-8513
Risk Score
Threat Entry
Updated 2024-10-10
CVE-2024-9451 - Embed Pdf Viewer Plugin
The Embed PDF Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' and 'width' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Embed Pdf Viewer
CVE-2024-9451
Risk Score
Threat Entry
Updated 2024-10-10
CVE-2024-9449 - Auto Iframe Plugin
The Auto iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Auto Iframe
CVE-2024-9449
Risk Score
Threat Entry
Updated 2025-05-06
CVE-2024-5968 - Photo Gallery By 10web Plugin
The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Photo Gallery By 10web
CVE-2024-5968
Risk Score
Threat Entry
Updated 2024-10-10
CVE-2024-7963 - Cmsmasters Content Composer Plugin
The CMSMasters Content Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's multiple shortcodes in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Cmsmasters Content Composer
CVE-2024-7963
Risk Score
Threat Entry
Updated 2025-01-15
CVE-2024-8482 - Royal Elementor Addons Plugin
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.3.982 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Royal Elementor Addons
CVE-2024-8482
Risk Score
Threat Entry
Updated 2024-10-10
CVE-2024-8431 - Robo Gallery Plugin
The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all versions up to, and including, 3.2.21. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve private post titles.
PLUGIN
Robo Gallery
CVE-2024-8431
Risk Score
Threat Entry
Updated 2024-10-10
CVE-2024-9207 - Buddypress Docs Plugin
The BuddyPress Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
PLUGIN
Buddypress Docs
CVE-2024-9207
Risk Score
Threat Entry
Updated 2025-04-23
CVE-2024-8488 - Survey Maker Plugin
The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
PLUGIN
Survey Maker
CVE-2024-8488
Risk Score