Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866
Critical: 0
High: 0
Medium: 10,866
Showing 6781-6800 of 10866 records

Threat Entry Updated 2025-04-10

CVE-2024-34434 - Wordpress Meta Data And Taxonomies Filter Plugin

Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Inclusion, Functionality Misuse. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.2.

PLUGIN Wordpress Meta Data And Taxonomies Filter

CVE-2024-34434

MEDIUM CVSS 6.5 2024-05-17

Threat Entry Updated 2025-05-30

CVE-2024-3580 - Popup4phone Plugin

The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Popup4phone

CVE-2024-3580

MEDIUM CVSS 6.1 2024-05-17

Threat Entry Updated 2025-05-30

CVE-2024-3231 - Popup4phone Plugin

The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.

PLUGIN Popup4phone

CVE-2024-3231

MEDIUM CVSS 6.1 2024-05-17

Threat Entry Updated 2025-06-30

CVE-2024-2697 - Socialdriver Framework Plugin

The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

PLUGIN Socialdriver Framework

CVE-2024-2697

MEDIUM CVSS 6.5 2024-05-17

Threat Entry Updated 2025-05-21

CVE-2024-2744 - Nextgen Gallery Plugin

The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

PLUGIN Nextgen Gallery

CVE-2024-2744

MEDIUM CVSS 4.3 2024-05-17

Threat Entry Updated 2025-01-29

CVE-2024-3134 - Master Addons Plugin

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title_html_tag attribute in all versions up to, and including, 2.0.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Master Addons

CVE-2024-3134

MEDIUM CVSS 6.4 2024-05-16

Threat Entry Updated 2024-11-21

CVE-2024-4204 - Bulk Posts Editing For Wordpress Plugin

The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to missing or incorrect nonce validation on the plugin's AJAX actions. This makes it possible for unauthenticated attackers to create and duplicate posts, retrieve post content, and modify post taxonomy, among other things, via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Bulk Posts Editing For Wordpress

CVE-2024-4204

MEDIUM CVSS 4.3 2024-05-16

Threat Entry Updated 2025-06-27

CVE-2024-3609 - Reviewx Plugin

The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. This makes it possible for authenticated attackers, with subscriber access and above, to delete attachments.

PLUGIN Reviewx

CVE-2024-3609

MEDIUM CVSS 4.3 2024-05-16

Threat Entry Updated 2025-01-29

CVE-2024-2619 - Elementor Header Footer Builder Plugin

The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary HTML in pages that will be shown whenever a user accesses an injected page.

PLUGIN Elementor Header Footer Builder

CVE-2024-2619

MEDIUM CVSS 5.0 2024-05-16

Threat Entry Updated 2025-01-30

CVE-2024-4580 - Master Addons Plugin

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.0.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Master Addons

CVE-2024-4580

MEDIUM CVSS 6.4 2024-05-16

Threat Entry Updated 2025-01-30

CVE-2024-4634 - Elementor Header Footer Builder Plugin

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfe_svg_mime_types’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Elementor Header Footer Builder

CVE-2024-4634

MEDIUM CVSS 6.4 2024-05-16

Threat Entry Updated 2024-11-21

CVE-2024-4617 - Rank Math Seo With Ai Best Seo Tools Plugin

The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 1.0.218 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Rank Math Seo With Ai Best Seo Tools

CVE-2024-4617

MEDIUM CVSS 6.4 2024-05-16

Threat Entry Updated 2025-03-20

CVE-2024-4400 - Post And Page Builder Plugin

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Post And Page Builder

CVE-2024-4400

MEDIUM CVSS 6.4 2024-05-16

Threat Entry Updated 2025-01-30

CVE-2024-4385 - Envo Extra Plugin

The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Envo Extra

CVE-2024-4385

MEDIUM CVSS 6.4 2024-05-16

Threat Entry Updated 2025-01-28

CVE-2024-4288 - Simply Schedule Appointments Plugin

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Simply Schedule Appointments

CVE-2024-4288

MEDIUM CVSS 6.4 2024-05-16

Threat Entry Updated 2025-01-07

CVE-2024-4391 - Happy Addons For Elementor Plugin

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Event Calendar widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Happy Addons For Elementor

CVE-2024-4391

MEDIUM CVSS 6.4 2024-05-16

Threat Entry Updated 2025-01-15

CVE-2024-3887 - Royal Elementor Addons Plugin

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Form Builder widget in all versions up to, and including, 1.3.974 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Royal Elementor Addons

CVE-2024-3887

MEDIUM CVSS 5.4 2024-05-16

Threat Entry Updated 2024-11-21

CVE-2024-4546 - Custom Post Type Attachment Plugin

The Custom Post Type Attachment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pdf_attachment' shortcode in all versions up to, and including, 3.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Custom Post Type Attachment

CVE-2024-4546

MEDIUM CVSS 6.4 2024-05-16

Threat Entry Updated 2025-01-07

CVE-2024-4478 - Happy Addons For Elementor Plugin

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied 'tooltip_position' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Happy Addons For Elementor

CVE-2024-4478

MEDIUM CVSS 6.4 2024-05-16

Threat Entry Updated 2024-11-21

CVE-2024-4635 - Menu Icons Plugin

The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘add_mime_type’ function in versions up to, and including, 0.13.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Menu Icons

CVE-2024-4635

MEDIUM CVSS 6.4 2024-05-16