Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total10,866
Critical0
High0
Medium10,866
Reset
Showing 6201-6220 of 10866 records
Threat Entry Updated 2025-06-04

CVE-2024-2870 - Socialdriver Framework Plugin

The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Socialdriver Framework

CVE-2024-2870

MEDIUM CVSS 6.1 2024-07-13
Open Full Technical Breakdown
Threat Entry Updated 2025-05-13

CVE-2024-3753 - Before 1 Plugin

The Hostel WordPress plugin before 1.1.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Before 1

CVE-2024-3753

MEDIUM CVSS 5.9 2024-07-13
Open Full Technical Breakdown
Threat Entry Updated 2025-05-15

CVE-2024-3026 - Wordpress Button Plugin Maxbuttons

The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks

PLUGIN Wordpress Button Plugin Maxbuttons

CVE-2024-3026

MEDIUM CVSS 5.4 2024-07-13
Open Full Technical Breakdown
Threat Entry Updated 2025-05-13

CVE-2024-3751 - Seriously Simple Podcasting Plugin

The Seriously Simple Podcasting WordPress plugin before 3.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Seriously Simple Podcasting

CVE-2024-3751

MEDIUM CVSS 4.8 2024-07-13
Open Full Technical Breakdown
Threat Entry Updated 2025-05-13

CVE-2024-3919 - Openpgp Form Encryption For Plugin

The OpenPGP Form Encryption for WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Openpgp Form Encryption For

CVE-2024-3919

MEDIUM CVSS 4.6 2024-07-13
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-38704 - WordPress Core

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DynamicWebLab WordPress Team Manager allows PHP Local File Inclusion.This issue affects WordPress Team Manager: from n/a through 2.1.12.

CORE WordPress Core

CVE-2024-38704

MEDIUM CVSS 6.5 2024-07-12
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-37941 - WordPress Core

Cross-Site Request Forgery (CSRF) vulnerability in Internal Link Juicer Internal Link Juicer: SEO Auto Linker for WordPress.This issue affects Internal Link Juicer: SEO Auto Linker for WordPress: from n/a through 2.24.3.

CORE WordPress Core

CVE-2024-37941

MEDIUM CVSS 4.3 2024-07-12
Open Full Technical Breakdown
Threat Entry Updated 2025-01-15

CVE-2024-6495 - Premium Addons For Elementor Plugin

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text widget in all versions up to, and including, 4.10.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Premium Addons For Elementor

CVE-2024-6495

MEDIUM CVSS 6.4 2024-07-12
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-6625 - Complete Branding Solution For Wordpress Plugin

The WP Total Branding – Complete branding solution for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

PLUGIN Complete Branding Solution For Wordpress

CVE-2024-6625

MEDIUM CVSS 5.5 2024-07-12
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-6588 - Powerpress Podcasting Plugin By Blubrry

The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘media_url’ parameter in all versions up to, and including, 11.9.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Powerpress Podcasting Plugin By Blubrry

CVE-2024-6588

MEDIUM CVSS 6.4 2024-07-12
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-6555 - Wordpress Popup Builder Plugin

The WP Popups – WordPress Popup builder plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.0.1. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.

PLUGIN Wordpress Popup Builder

CVE-2024-6555

MEDIUM CVSS 5.3 2024-07-12
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-5626 - Inline Related Posts Plugin

The Inline Related Posts WordPress plugin before 3.7.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Inline Related Posts

CVE-2024-5626

MEDIUM CVSS 6.1 2024-07-12
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-5811 - Simple Video Directory Plugin

The Simple Video Directory WordPress plugin before 1.4.4 does not sanitise and escape some of its settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Simple Video Directory

CVE-2024-5811

MEDIUM CVSS 5.4 2024-07-12
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-4753 - Wp Secure Maintenance Plugin

The WP Secure Maintenance WordPress plugin before 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Wp Secure Maintenance

CVE-2024-4753

MEDIUM CVSS 4.8 2024-07-12
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-2640 - Before 3 Plugin

The Watu Quiz WordPress plugin before 3.4.1.2 does not sanitise and escape some of its settings, which could allow users such as authors (if they've been authorized by admins) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PLUGIN Before 3

CVE-2024-2640

MEDIUM CVSS 5.4 2024-07-12
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-2430 - Website Content In Page Or Post Plugin

The Website Content in Page or Post WordPress plugin before 2024.04.09 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

PLUGIN Website Content In Page Or Post

CVE-2024-2430

MEDIUM CVSS 5.4 2024-07-12
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-3112 - Quotes And Tips By Bestwebsoft Plugin

The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate image files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)

PLUGIN Quotes And Tips By Bestwebsoft

CVE-2024-3112

MEDIUM CVSS 4.8 2024-07-12
Open Full Technical Breakdown
Threat Entry Updated 2025-06-04

CVE-2024-2696 - Socialdriver Framework Plugin

The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Socialdriver Framework

CVE-2024-2696

MEDIUM CVSS 4.8 2024-07-12
Open Full Technical Breakdown
Threat Entry Updated 2025-06-10

CVE-2024-0974 - Social Media Widget Plugin

The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Social Media Widget

CVE-2024-0974

MEDIUM CVSS 4.8 2024-07-12
Open Full Technical Breakdown
Scroll to top