Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2024-11-21
CVE-2024-3563 - Genesis Blocks Plugin
The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sharing block in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Genesis Blocks
CVE-2024-3563
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-3228 - Kiwi Plugin
The Social Sharing Plugin – Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the 'kiwi-nw-pinterest' class. This makes it possible for unauthenticated attackers to view limited content from password protected posts.
PLUGIN
Kiwi
CVE-2024-3228
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-5881 - Webico Slider Flatsome Addons Plugin
The Webico Slider Flatsome Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wbc_image shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Webico Slider Flatsome Addons
CVE-2024-5881
Risk Score
Threat Entry
Updated 2025-05-21
CVE-2024-6334 - Easy Table Of Contents Plugin
The Easy Table of Contents WordPress plugin before 2.0.67.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
PLUGIN
Easy Table Of Contents
CVE-2024-6334
Risk Score
Threat Entry
Updated 2025-03-13
CVE-2024-5802 - Url Shortener Plugin
The URL Shortener by Myhop WordPress plugin through 1.0.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
PLUGIN
Url Shortener
CVE-2024-5802
Risk Score
Threat Entry
Updated 2025-05-21
CVE-2024-3410 - Dn Footer Contacts Plugin
The DN Footer Contacts WordPress plugin before 1.6.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Dn Footer Contacts
CVE-2024-3410
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-6171 - Unlimited Elements For Elementor Free Widgets Addons Templates Plugin
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.5.112 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass antispam functionality in the Form Builder widgets.
PLUGIN
Unlimited Elements For Elementor Free Widgets Addons Templates
CVE-2024-6171
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-6170 - Unlimited Elements For Elementor Free Widgets Addons Templates Plugin
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘email’ parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Unlimited Elements For Elementor Free Widgets Addons Templates
CVE-2024-6170
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-6169 - Unlimited Elements For Elementor Free Widgets Addons Templates Plugin
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above and granted plugin setting edit permissions by an administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Unlimited Elements For Elementor Free Widgets Addons Templates
CVE-2024-6169
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-4667 - Blog Posts And Category For Elementor Plugin
The Blog, Posts and Category Filter for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post and Category Filter widget in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied 'post_types' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Blog Posts And Category For Elementor
CVE-2024-4667
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-5855 - WordPress Core
The Media Hygiene: Remove or Delete Unused Images and More! plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the bulk_action_delete and delete_single_image_call AJAX actions in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary attachments. A nonce check was added in version 3.0.1, however, it wasn't until version 3.0.2 that a capability check was added.
CORE
WordPress Core
CVE-2024-5855
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-5641 - One Click Order Re Order Plugin
The One Click Order Re-Order plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ced_ocor_save_general_setting' function in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the plugin settings, including adding stored cross-site scripting.
PLUGIN
One Click Order Re Order
CVE-2024-5641
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-3639 - Addons For Elementor Plugin
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Posts Grid widget in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Addons For Elementor
CVE-2024-3639
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-3638 - Addons For Elementor Plugin
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Marquee Text Widget, Testimonials Widget, and Testimonial Slider widgets in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Addons For Elementor
CVE-2024-3638
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-2926 - Addons For Elementor Plugin
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Addons For Elementor
CVE-2024-2926
Risk Score
Threat Entry
Updated 2024-12-06
CVE-2024-38344 - Wp Tweet Walls Plugin
A cross-site request forgery vulnerability exists in WP Tweet Walls versions prior to 1.0.4. If this vulnerability is exploited, an attacker allows a user who logs in to the WordPress site where the affected plugin is enabled to access a malicious page. As a result, the user may perform unintended operations on the WordPress site.
PLUGIN
Wp Tweet Walls
CVE-2024-38344
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-6340 - Premium Addons For Elementor Plugin
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 4.10.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Premium Addons For Elementor
CVE-2024-6340
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-6263 - Wp Lightbox 2 Plugin
The WP Lightbox 2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 3.0.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Wp Lightbox 2
CVE-2024-6263
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-4482 - Plus Addons For Elementor Plugin
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Countdown' widget in all versions up to, and including, 5.6.1 due to insufficient input sanitization and output escaping on user supplied 'text_days' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Plus Addons For Elementor
CVE-2024-4482
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-2375 - Wpqa Builder Plugin
The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
PLUGIN
Wpqa Builder
CVE-2024-2375
Risk Score