
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866
Critical: 0
High: 0
Medium: 10,866
Showing 7041-7060 of 10866 records

Threat Entry Updated 2024-11-21

CVE-2024-1678 - Subway Plugin

The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page and post content.

PLUGIN Subway

CVE-2024-1678

MEDIUM CVSS 5.3 2024-05-02

Threat Entry Updated 2024-11-21

CVE-2024-1716 - Admin Bar Plugin

The Admin Bar Remover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_form() function in all versions up to, and including, 1.0.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to enable or disable the admin bar on the front-end of the site.

PLUGIN Admin Bar

CVE-2024-1716

MEDIUM CVSS 4.3 2024-05-02

Threat Entry Updated 2025-03-05

CVE-2024-1572 - Wp Ulike Plugin

The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_ulike' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on the user supplied 'wrapper_class' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Wp Ulike

CVE-2024-1572

MEDIUM CVSS 6.4 2024-05-02

Threat Entry Updated 2025-05-29

CVE-2024-1533 - Shortcodes And Extra Features For Phlox Theme

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML Element in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Requires Elementor and the Phlox theme to be installed.

THEME Shortcodes And Extra Features For Phlox Theme

CVE-2024-1533

MEDIUM CVSS 6.4 2024-05-02

Threat Entry Updated 2025-06-05

CVE-2024-1584 - Analytify Google Analytics Dashboard Plugin

The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpa_check_authentication' function in all versions up to, and including, 5.2.1. This makes it possible for unauthenticated attackers to modify the site's Google Analytics tracking ID.

PLUGIN Analytify Google Analytics Dashboard

CVE-2024-1584

MEDIUM CVSS 5.3 2024-05-02

Threat Entry Updated 2024-11-21

CVE-2024-1416 - Lead Form Builder Plugin

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on several functions in all versions up to, and including, 1.8.9. This makes it possible for unauthenticated attackers to invoke those functions.

PLUGIN Lead Form Builder

CVE-2024-1416

MEDIUM CVSS 4.3 2024-05-02

Threat Entry Updated 2024-11-21

CVE-2024-1415 - Lead Form Builder Plugin

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. These actions may result in form deletion, and lead signup as well as file upload.

PLUGIN Lead Form Builder

CVE-2024-1415

MEDIUM CVSS 4.3 2024-05-02

Threat Entry Updated 2025-05-29

CVE-2024-1396 - Shortcodes And Extra Features For Phlox Theme

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

THEME Shortcodes And Extra Features For Phlox Theme

CVE-2024-1396

MEDIUM CVSS 6.4 2024-05-02

Threat Entry Updated 2024-11-21

CVE-2024-1386 - MailerLite – Signup forms (official) Plugin

The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions 1.5.0 to 1.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN MailerLite – Signup forms (official)

CVE-2024-1386

MEDIUM CVSS 6.4 2024-05-02

Threat Entry Updated 2025-05-29

CVE-2024-1348 - Shortcodes And Extra Features For Phlox Theme

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

THEME Shortcodes And Extra Features For Phlox Theme

CVE-2024-1348

MEDIUM CVSS 6.4 2024-05-02

Threat Entry Updated 2024-11-21

CVE-2024-0848 - Aa Cash Calculator Plugin

The AA Cash Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘invoice’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Aa Cash Calculator

CVE-2024-0848

MEDIUM CVSS 6.1 2024-05-02

Threat Entry Updated 2024-11-21

CVE-2024-0908 - Advanced Post Block Plugin

The Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apbPosts() function hooked via an AJAX action in all versions up to, and including, 1.13.1. This makes it possible for unauthenticated attackers to retrieve all post data, including those that may be password protected.

PLUGIN Advanced Post Block

CVE-2024-0908

MEDIUM CVSS 5.3 2024-05-02

Threat Entry Updated 2024-11-21

CVE-2024-0613 - Delete Custom Fields Plugin

The Delete Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3.1. This is due to missing or incorrect nonce validation on the ajax_delete_field() function. This makes it possible for unauthenticated attackers to delete arbitrary post meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Delete Custom Fields

CVE-2024-0613

MEDIUM CVSS 6.1 2024-05-02

Threat Entry Updated 2024-11-21

CVE-2024-0710 - Gp Unique Id Plugin

The GP Unique ID plugin for WordPress is vulnerable to Unique ID Modification in all versions up to, and including, 1.5.5. This is due to insufficient input validation. This makes it possible for unauthenticated attackers to tamper with the generation of a unique ID on a form submission and replace the generated unique ID with a user-controlled one, leading to a loss of integrity in cases where the ID's uniqueness is relied upon in a security-specific context.

PLUGIN Gp Unique Id

CVE-2024-0710

MEDIUM CVSS 5.3 2024-05-02

Threat Entry Updated 2024-11-21

CVE-2024-0629 - 2checkout_payment_gateway Plugin

The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sniff_ins function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to make changes to orders and mark them as paid.

PLUGIN 2checkout_payment_gateway

CVE-2024-0629

MEDIUM CVSS 5.3 2024-05-02

Threat Entry Updated 2024-11-21

CVE-2024-0615 - content_control Plugin

The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.0 via the API. This makes it possible for unauthenticated attackers to extract post titles, IDs, slugs, statuses and other information including post content. This includes published content only.

PLUGIN content_control

CVE-2024-0615

MEDIUM CVSS 5.3 2024-05-02

Threat Entry Updated 2024-11-21

CVE-2024-0847 - 5280 Bootstrap Modal Contact Form Plugin

The 5280 Bootstrap Modal Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in class-sbmm-list-table.php. This makes it possible for unauthenticated attackers to bulk delete messages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN 5280 Bootstrap Modal Contact Form

CVE-2024-0847

MEDIUM CVSS 4.3 2024-05-02

Threat Entry Updated 2025-11-26

CVE-2023-7067 - Shoplentor Plugin

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woolentor_template_store' function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with contributor access and above to access the nonce used to access this function and set a blank template as the default template.

PLUGIN Shoplentor

CVE-2023-7067

MEDIUM CVSS 4.3 2024-05-02

Threat Entry Updated 2024-11-21

CVE-2023-7030 - Collapse O Matic Plugin

The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' shortcode in all versions up to, and including, 1.8.5.5 due to insufficient input sanitization and output escaping on the 'tag' user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Collapse O Matic

CVE-2023-7030

MEDIUM CVSS 6.4 2024-05-02

Threat Entry Updated 2025-02-06

CVE-2023-6962 - Wp Meta Seo Plugin

The WP Meta SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.12 via the meta description. This makes it possible for unauthenticated attackers to disclose potentially sensitive information via the meta description of password-protected posts.

PLUGIN Wp Meta Seo

CVE-2023-6962

MEDIUM CVSS 5.3 2024-05-02