"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866
Critical: 0
High: 0
Medium: 10,866
Showing 6981-7000 of 10866 records

Threat Entry Updated 2024-11-21

CVE-2024-3520 - Country State City Dropdown Cf7 Plugin

The Country State City Dropdown CF7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tc_csca_patch_settings function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with subscriber access and above, to add states or cities to the dropdown.

PLUGIN Country State City Dropdown Cf7

CVE-2024-3520

MEDIUM CVSS 4.3 2024-05-02

Threat Entry Updated 2025-01-21

CVE-2024-3489 - Exclusive Addons For Elementor Plugin

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Countdown Expired Title in all versions up to, and including, 2.6.9.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Exclusive Addons For Elementor

CVE-2024-3489

MEDIUM CVSS 6.4 2024-05-02

Threat Entry Updated 2025-05-29

CVE-2024-3341 - Shortcodes And Extra Features For Phlox Theme

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_gmaps' shortcode in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

THEME Shortcodes And Extra Features For Phlox Theme

CVE-2024-3341

MEDIUM CVSS 6.4 2024-05-02

Threat Entry Updated 2024-11-21

CVE-2024-3473 - Header Footer Code Manager Pro Plugin

The Header Footer Code Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Header Footer Code Manager Pro

CVE-2024-3473

MEDIUM CVSS 6.1 2024-05-02

Threat Entry Updated 2025-01-28

CVE-2024-3340 - Colibri Page Builder Plugin

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri-gallery-slideshow' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Colibri Page Builder

CVE-2024-3340

MEDIUM CVSS 5.4 2024-05-02

Threat Entry Updated 2025-01-28

CVE-2024-3338 - Colibri Page Builder Plugin

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt data parameter in all versions up to, and including, 1.0.262 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Colibri Page Builder

CVE-2024-3338

MEDIUM CVSS 4.4 2024-05-02

Threat Entry Updated 2024-11-21

CVE-2024-3295 - And User Profile Plugin

The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the profile_pic_remove function in versions up to, and including, 3.1.5. This makes it possible for unauthenticated attackers to delete any media file.

PLUGIN And User Profile

CVE-2024-3295

MEDIUM CVSS 6.5 2024-05-02

Threat Entry Updated 2025-01-28

CVE-2024-3337 - Colibri Page Builder Plugin

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_breadcrumb_element' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Colibri Page Builder

CVE-2024-3337

MEDIUM CVSS 6.4 2024-05-02

Threat Entry Updated 2025-01-28

CVE-2024-3308 - Ht Mega Plugin

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget's attributes in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Ht Mega

CVE-2024-3308

MEDIUM CVSS 6.4 2024-05-02

Threat Entry Updated 2025-01-28

CVE-2024-3307 - Ht Mega Plugin

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget's attributes in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Ht Mega

CVE-2024-3307

MEDIUM CVSS 6.4 2024-05-02

Threat Entry Updated 2024-11-21

CVE-2024-3312 - Easy Custom Auto Excerpt Plugin

The Easy Custom Auto Excerpt plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.12. This makes it possible for unauthenticated attackers to obtain excerpts of password-protected posts.

PLUGIN Easy Custom Auto Excerpt

CVE-2024-3312

MEDIUM CVSS 5.3 2024-05-02

Threat Entry Updated 2024-11-21

CVE-2024-3287 - Seo Optimizer Plugin

The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the save_settings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticated attackers to save schema types.

PLUGIN Seo Optimizer

CVE-2024-3287

MEDIUM CVSS 5.3 2024-05-02

Threat Entry Updated 2025-01-21

CVE-2024-3199 - The Plus Addons For Elementor Plugin

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN The Plus Addons For Elementor

CVE-2024-3199

MEDIUM CVSS 6.4 2024-05-02

Threat Entry Updated 2025-01-21

CVE-2024-3197 - The Plus Addons For Elementor Plugin

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in the plugin's widgets in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN The Plus Addons For Elementor

CVE-2024-3197

MEDIUM CVSS 6.4 2024-05-02

Threat Entry Updated 2025-01-17

CVE-2024-3215 - Paid Memberships Pro Plugin

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the pmpro_update_level_group_order() function. This makes it possible for unauthenticated attackers to update order levels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Paid Memberships Pro

CVE-2024-3215

MEDIUM CVSS 5.3 2024-05-02

Threat Entry Updated 2024-11-21

CVE-2024-3275 - Webinars Plugin

The eRoom – Zoom Meetings & Webinars plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.18 via the search_posts function. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain post excerpts including those of draft and pending posts.

PLUGIN Webinars

CVE-2024-3275

MEDIUM CVSS 4.3 2024-05-02

Threat Entry Updated 2024-11-21

CVE-2024-3233 - Wordpress Search Plugin

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_create_index() function in all versions up to, and including, 5.5.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger index creation.

PLUGIN Wordpress Search

CVE-2024-3233

MEDIUM CVSS 4.3 2024-05-02

Threat Entry Updated 2024-11-21

CVE-2024-3206 - Different Menus In Different Pages Plugin

The Different Menu in Different Pages – Control Menu Visibility (All in One) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax() function in all versions up to, and including, 2.3.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to duplicate menus.

PLUGIN Different Menus In Different Pages

CVE-2024-3206

MEDIUM CVSS 4.3 2024-05-02

Threat Entry Updated 2025-01-15

CVE-2024-3161 - Jeg Elementor Kit Plugin

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget's attributes in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Jeg Elementor Kit

CVE-2024-3161

MEDIUM CVSS 6.4 2024-05-02

Threat Entry Updated 2024-11-21

CVE-2024-3074 - Fd Elementor Imagebox Plugin

The Elementor ImageBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image box widget in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Fd Elementor Imagebox

CVE-2024-3074

MEDIUM CVSS 6.4 2024-05-02