Threat Database

Threat Entry Updated 2024-11-21

CVE-2023-49852 - Responsive Slick Slider WordPress Plugin

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vsourz Digital Responsive Slick Slider WordPress allows Code Injection. This issue affects Responsive Slick Slider WordPress: from n/a through 1.4.

PLUGIN Responsive Slick Slider WordPress

CVE-2023-49852

MEDIUM CVSS 6.5 2024-06-04

Threat Entry Updated 2025-01-27

CVE-2024-4637 - Slider Revolution Plugin

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping on the user supplied Elementor 'wrapperid' and 'zindex' display attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Slider Revolution

CVE-2024-4637

MEDIUM CVSS 6.4 2024-06-04

Threat Entry Updated 2025-01-27

CVE-2024-4581 - Slider Revolution Plugin

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Add Layer widget in all versions up to, and including, 6.7.11 due to insufficient input sanitization and output escaping on the user supplied 'class', 'id', and 'title' attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Successful exploitation of this vulnerability requires an Administrator to give Slider Creation privileges to Author-level users.

PLUGIN Slider Revolution

CVE-2024-4581

MEDIUM CVSS 6.4 2024-06-04

Threat Entry Updated 2024-11-21

CVE-2024-5485 - Suretriggers Plugin

The SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Trigger Link shortcode in all versions up to, and including, 1.0.47 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Suretriggers

CVE-2024-5485

MEDIUM CVSS 6.4 2024-06-04

Threat Entry Updated 2025-06-30

CVE-2023-34001 - Hide My Wp Ghost Plugin

Improper Restriction of Excessive Authentication Attempts vulnerability in WPPlugins – WordPress Security Plugins Hide My WP Ghost allows Functionality Bypass. This issue affects Hide My WP Ghost: from n/a through 5.0.25.

PLUGIN Hide My Wp Ghost

CVE-2023-34001

MEDIUM CVSS 5.3 2024-06-04

Threat Entry Updated 2025-05-06

CVE-2024-4857 - Fs Product Inquiry Plugin

The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape some form submissions, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks.

PLUGIN Fs Product Inquiry

CVE-2024-4857

MEDIUM CVSS 6.1 2024-06-04

Threat Entry Updated 2024-11-21

CVE-2024-4997 - Wpupper Share Buttons Plugin

The WPUpper Share Buttons plugin for WordPress is vulnerable to unauthorized access of data when preparing sharing links for posts and pages in all versions up to, and including, 3.43. This makes it possible for unauthenticated attackers to obtain the contents of password protected posts and pages.

PLUGIN Wpupper Share Buttons

CVE-2024-4997

MEDIUM CVSS 5.3 2024-06-04

Threat Entry Updated 2025-01-30

CVE-2024-4697 - Cowidgets Elementor Addons Plugin

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'heading_tag' parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Cowidgets Elementor Addons

CVE-2024-4697

MEDIUM CVSS 6.4 2024-06-04

Threat Entry Updated 2025-06-30

CVE-2024-4750 - Buddyboss Platform Plugin

The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request.

PLUGIN Buddyboss Platform

CVE-2024-4750

MEDIUM CVSS 5.3 2024-06-04

Threat Entry Updated 2024-11-21

CVE-2024-4462 - Nafeza Prayer Time Plugin

The Nafeza Prayer Time plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

PLUGIN Nafeza Prayer Time

CVE-2024-4462

MEDIUM CVSS 4.4 2024-06-04

Threat Entry Updated 2025-05-29

CVE-2024-4274 - Essential Real Estate Plugin

The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the remove_property_attachment_ajax() function in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachments.

PLUGIN Essential Real Estate

CVE-2024-4274

MEDIUM CVSS 4.3 2024-06-04

Threat Entry Updated 2025-05-29

CVE-2024-4273 - Essential Real Estate Plugin

The Essential Real Estate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ere_property_map' shortcode in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Essential Real Estate

CVE-2024-4273

MEDIUM CVSS 6.4 2024-06-04

Threat Entry Updated 2024-11-21

CVE-2024-3230 - Download Attachments Plugin

The Download Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'download-attachments' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Download Attachments

CVE-2024-3230

MEDIUM CVSS 6.4 2024-06-04

Threat Entry Updated 2025-05-21

CVE-2024-4057 - Gutenberg Blocks With Ai By Kadence Wp Plugin

The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.37 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Gutenberg Blocks With Ai By Kadence Wp

CVE-2024-4057

MEDIUM CVSS 6.1 2024-06-04

Threat Entry Updated 2024-11-21

CVE-2024-3031 - Fluid Notification Bar Plugin

The Fluid Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

PLUGIN Fluid Notification Bar

CVE-2024-3031

MEDIUM CVSS 4.4 2024-06-04

Threat Entry Updated 2026-01-09

CVE-2024-2470 - Simple Ajax Chat Plugin

The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Simple Ajax Chat

CVE-2024-2470

MEDIUM CVSS 5.4 2024-06-04

Threat Entry Updated 2024-11-21

CVE-2024-2382 - Authorizenet Payment Gateway For Woocommerce Plugin

The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0. This is due to the plugin not properly verifying the authenticity of the request that updates an order's payment status. This makes it possible for unauthenticated attackers to update order payment statuses to paid, bypassing any payment.

PLUGIN Authorizenet Payment Gateway For Woocommerce

CVE-2024-2382

MEDIUM CVSS 5.3 2024-06-04

Threat Entry Updated 2024-11-21

CVE-2024-1718 - Woocommerce Checkout Cielo Plugin

The Claudio Sanches – Checkout Cielo for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient payment validation in the update_order_status() function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to update the status of orders to paid, bypassing payment.

PLUGIN Woocommerce Checkout Cielo

CVE-2024-1718

MEDIUM CVSS 5.3 2024-06-04

Threat Entry Updated 2025-05-21

CVE-2024-0757 - Insert Or Embed Articulate Content Plugin

The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 does not properly filter which file extensions are allowed to be imported on the server, allowing the upload of malicious code within zip files.

PLUGIN Insert Or Embed Articulate Content

CVE-2024-0757

MEDIUM CVSS 5.4 2024-06-04

Threat Entry Updated 2024-11-21

CVE-2024-1717 - Admin Notices Manager Plugin

The Admin Notices Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_ajax_call() function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve a list of registered user emails.

PLUGIN Admin Notices Manager

CVE-2024-1717

MEDIUM CVSS 4.3 2024-06-04