Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2024-11-21
CVE-2024-5223 - Ultimate Post Plugin
The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploading feature in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Ultimate Post
CVE-2024-5223
Risk Score
Threat Entry
Updated 2025-02-26
CVE-2024-3063 - Wpb Elementor Addons Plugin
The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the output of 'tags' added to widgets in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Wpb Elementor Addons
CVE-2024-3063
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-3269 - Download Monitor Plugin
The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlm_uninstall_plugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the plugin and delete its data.
PLUGIN
Download Monitor
CVE-2024-3269
Risk Score
Threat Entry
Updated 2025-01-30
CVE-2024-3190 - Unlimited Elements For Elementor Plugin
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text field widget in all versions up to, and including, 1.5.107 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note that this vulnerability is different in that the issue stems from an external template. It…
PLUGIN
Unlimited Elements For Elementor
CVE-2024-3190
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-2253 - Testimonials Carousel Elementor Plugin
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URL values the plugin's carousel widgets in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Testimonials Carousel Elementor
CVE-2024-2253
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-3726 - Login Logout Register Menu Plugin
The Login Logout Register Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'llrmloginlogout' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Login Logout Register Menu
CVE-2024-3726
Risk Score
Threat Entry
Updated 2025-04-10
CVE-2024-5039 - Husky Products Filter Professional For Woocommerce Plugin
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Husky Products Filter Professional For Woocommerce
CVE-2024-5039
Risk Score
Threat Entry
Updated 2025-03-01
CVE-2024-5086 - Essential Addons For Elementor Plugin
The Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team Member Carousel widget in all Pro versions up to, and including, 5.8.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Essential Addons For Elementor
CVE-2024-5086
Risk Score
Threat Entry
Updated 2025-05-21
CVE-2024-3937 - Playlist For Youtube Plugin
The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Playlist For Youtube
CVE-2024-3937
Risk Score
Threat Entry
Updated 2025-05-21
CVE-2024-3921 - Gianism Plugin
The Gianism WordPress plugin through 5.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Gianism
CVE-2024-3921
Risk Score
Threat Entry
Updated 2025-06-04
CVE-2024-4419 - Fetch Jft Plugin
The Fetch JFT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
PLUGIN
Fetch Jft
CVE-2024-4419
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-0434 - Tour Booking Manager Plugin
The WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ttbm_new_place_save' function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to create and publish new place posts. This function is also vulnerable to CSRF.
PLUGIN
Tour Booking Manager
CVE-2024-0434
Risk Score
Threat Entry
Updated 2025-05-19
CVE-2024-4533 - Kkprogressbar2 Plugin
The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection attacks
PLUGIN
Kkprogressbar2
CVE-2024-4533
Risk Score
Threat Entry
Updated 2025-05-01
CVE-2024-4532 - Business Card Plugin
The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting cards via CSRF attacks
PLUGIN
Business Card
CVE-2024-4532
Risk Score
Threat Entry
Updated 2025-05-19
CVE-2024-4534 - Kkprogressbar2 Plugin
The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
PLUGIN
Kkprogressbar2
CVE-2024-4534
Risk Score
Threat Entry
Updated 2025-05-01
CVE-2024-4530 - Business Card Plugin
The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing card categories via CSRF attacks
PLUGIN
Business Card
CVE-2024-4530
Risk Score
Threat Entry
Updated 2025-05-21
CVE-2024-3939 - Before 3 Plugin
The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Before 3
CVE-2024-3939
Risk Score
Threat Entry
Updated 2025-05-01
CVE-2024-4529 - Business Card Plugin
The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting card categories via CSRF attacks
PLUGIN
Business Card
CVE-2024-4529
Risk Score
Threat Entry
Updated 2025-07-16
CVE-2024-4045 - Optinmonster Plugin
The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Optinmonster
CVE-2024-4045
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-5218 - G Business Reviews Rating Plugin
The Reviews and Rating – Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
G Business Reviews Rating
CVE-2024-5218
Risk Score