Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-05-19
CVE-2024-5281 - Wp Affiliate Platform Plugin
The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Wp Affiliate Platform
CVE-2024-5281
Risk Score
Threat Entry
Updated 2025-05-06
CVE-2024-5079 - Before 10 Plugin
The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape some of the fields when members register, which allows unauthenticated users to perform Stored Cross-Site Scripting attacks
PLUGIN
Before 10
CVE-2024-5079
Risk Score
Threat Entry
Updated 2025-05-13
CVE-2024-5442 - Proofing And Plugin
The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Proofing And
CVE-2024-5442
Risk Score
Threat Entry
Updated 2025-05-19
CVE-2024-5286 - Wp Affiliate Platform Plugin
The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Wp Affiliate Platform
CVE-2024-5286
Risk Score
Threat Entry
Updated 2025-05-19
CVE-2024-5280 - Wp Affiliate Platform Plugin
The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make non-logged in users execute an XSS payload via a CSRF attack
PLUGIN
Wp Affiliate Platform
CVE-2024-5280
Risk Score
Threat Entry
Updated 2025-06-13
CVE-2024-4977 - Index Wp Mysql For Speed Plugin
The Index WP MySQL For Speed WordPress plugin before 1.4.18 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Index Wp Mysql For Speed
CVE-2024-4977
Risk Score
Threat Entry
Updated 2025-05-13
CVE-2024-5028 - Cm Wordpress Search And Replace Plugin
The CM WordPress Search And Replace Plugin WordPress plugin before 1.3.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
PLUGIN
Cm Wordpress Search And Replace
CVE-2024-5028
Risk Score
Threat Entry
Updated 2025-05-15
CVE-2024-4272 - Before 1 Plugin
The Support SVG WordPress plugin before 1.1.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.
PLUGIN
Before 1
CVE-2024-4272
Risk Score
Threat Entry
Updated 2025-05-15
CVE-2024-4269 - Before 1 Plugin
The SVG Block WordPress plugin before 1.1.20 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.
PLUGIN
Before 1
CVE-2024-4269
Risk Score
Threat Entry
Updated 2025-05-06
CVE-2024-5075 - Before 10 Plugin
The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Before 10
CVE-2024-5075
Risk Score
Threat Entry
Updated 2025-05-02
CVE-2024-5033 - Before 4 Plugin
The SULly WordPress plugin before 4.3.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
PLUGIN
Before 4
CVE-2024-5033
Risk Score
Threat Entry
Updated 2025-05-15
CVE-2024-4752 - Before 2 Plugin
The EventON WordPress plugin before 2.2.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Before 2
CVE-2024-4752
Risk Score
Threat Entry
Updated 2025-05-13
CVE-2024-3964 - Product Enquiry For Woocommerce Plugin
The Product Enquiry for WooCommerce WordPress plugin before 3.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Product Enquiry For Woocommerce
CVE-2024-3964
Risk Score
Threat Entry
Updated 2025-05-02
CVE-2024-5074 - Before 10 Plugin
The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Before 10
CVE-2024-5074
Risk Score
Threat Entry
Updated 2025-05-15
CVE-2024-4602 - Embed Peertube Playlist Plugin
The Embed Peertube Playlist WordPress plugin before 1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Embed Peertube Playlist
CVE-2024-4602
Risk Score
Threat Entry
Updated 2025-05-13
CVE-2024-5002 - Before 20240516 Does Not Sanitise And Escape Some Of Its Settings Plugin
The User Submitted Posts WordPress plugin before 20240516 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Before 20240516 Does Not Sanitise And Escape Some Of Its Settings
CVE-2024-5002
Risk Score
Threat Entry
Updated 2025-05-02
CVE-2024-5032 - Before 4 Plugin
The SULly WordPress plugin before 4.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Before 4
CVE-2024-5032
Risk Score
Threat Entry
Updated 2025-06-10
CVE-2024-4217 - Shortcodes Ultimate Pro Plugin
The shortcodes-ultimate-pro WordPress plugin before 7.1.5 does not properly escape some of its shortcodes' settings, making it possible for attackers with a Contributor account to conduct Stored XSS attacks.
PLUGIN
Shortcodes Ultimate Pro
CVE-2024-4217
Risk Score
Threat Entry
Updated 2025-05-13
CVE-2024-3710 - Image Photo Gallery Final Tiles Grid Plugin
The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin
PLUGIN
Image Photo Gallery Final Tiles Grid
CVE-2024-3710
Risk Score
Threat Entry
Updated 2025-05-15
CVE-2024-3632 - Smart Image Gallery Plugin
The Smart Image Gallery WordPress plugin before 1.0.19 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Smart Image Gallery
CVE-2024-3632
Risk Score