
"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866
Critical: 0
High: 0
Medium: 10,866
Showing 7121-7140 of 10866 records
Threat Entry Updated 2025-01-10

CVE-2024-2798 - Royal Elementor Addons Plugin

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget containers in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Royal Elementor Addons

CVE-2024-2798

MEDIUM CVSS 6.5 2024-04-23
Threat Entry Updated 2025-01-10

CVE-2024-3889 - Royal Elementor Addons Plugin

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Accordion widget in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied attributes like 'accordion_title_tag'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Royal Elementor Addons

CVE-2024-3889

MEDIUM CVSS 6.4 2024-04-23
Threat Entry Updated 2025-01-10

CVE-2024-2799 - Royal Elementor Addons Plugin

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid & Advanced Text widget HTML tags in all versions up to, and including, 1.3.96 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Royal Elementor Addons

CVE-2024-2799

MEDIUM CVSS 6.4 2024-04-23
Threat Entry Updated 2025-01-10

CVE-2024-3645 - Essential Addons For Elementor Plugin

The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Counter widget in all versions up to, and including, 5.8.11 due to insufficient input sanitization and output escaping on user supplied attributes such as 'title_html_tag'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Essential Addons For Elementor

CVE-2024-3645

MEDIUM CVSS 6.4 2024-04-22
Threat Entry Updated 2024-11-21

CVE-2024-4014 - Hcaptcha For Wordpress Plugin

The hCaptcha for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf7-hcaptcha shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Hcaptcha For Wordpress

CVE-2024-4014

MEDIUM CVSS 6.4 2024-04-20
Threat Entry Updated 2025-02-05

CVE-2024-1730 - Prime Slider Plugin

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URLs in link fields, images from URLs, and HTML tags used in widgets in all versions up to, and including, 3.14.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an…

PLUGIN Prime Slider

CVE-2024-1730

MEDIUM CVSS 5.4 2024-04-20
Threat Entry Updated 2025-11-26

CVE-2024-1057 - Shoplentor Plugin

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishsuite_button' shortcode in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes like 'button_class'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Shoplentor

CVE-2024-1057

MEDIUM CVSS 6.4 2024-04-20
Threat Entry Updated 2025-05-30

CVE-2024-2761 - Genesis Blocks Plugin

The Genesis Blocks WordPress plugin before 3.1.3 does not properly escape data input provided to some of its blocks, allowing users with at least contributor privileges to conduct Stored XSS attacks.

PLUGIN Genesis Blocks

CVE-2024-2761

MEDIUM CVSS 6.8 2024-04-19
Threat Entry Updated 2025-02-05

CVE-2024-3731 - Customer Reviews For Woocommerce Plugin

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 5.47.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Customer Reviews For Woocommerce

CVE-2024-3731

MEDIUM CVSS 6.1 2024-04-19
Threat Entry Updated 2025-03-12

CVE-2024-3615 - Media Library Folders Plugin

The Media Library Folders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 8.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Media Library Folders

CVE-2024-3615

MEDIUM CVSS 6.1 2024-04-19
Threat Entry Updated 2025-01-21

CVE-2024-3818 - Essential Blocks Plugin

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Social Icons" block in all versions up to, and including, 4.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Essential Blocks

CVE-2024-3818

MEDIUM CVSS 5.4 2024-04-19
Threat Entry Updated 2025-01-08

CVE-2024-3598 - Elementskit Plugin

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Elementskit

CVE-2024-3598

MEDIUM CVSS 6.4 2024-04-19
Threat Entry Updated 2025-01-08

CVE-2024-3560 - Learnpress Plugin

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id value in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Learnpress

CVE-2024-3560

MEDIUM CVSS 6.4 2024-04-19
Threat Entry Updated 2024-11-21

CVE-2023-50885 - Store Locator WordPress Plugin

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AGILELOGIX Store Locator WordPress. This issue affects Store Locator WordPress: from n/a through 1.4.14.

PLUGIN Store Locator WordPress

CVE-2023-50885

MEDIUM CVSS 6.8 2024-04-18
Threat Entry Updated 2025-02-11

CVE-2023-6892 - Ean For Woocommerce Plugin

The EAN for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'alg_wc_ean_product_meta' shortcode in all versions up to, and including, 4.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Ean For Woocommerce

CVE-2023-6892

MEDIUM CVSS 6.4 2024-04-18
Threat Entry Updated 2025-02-11

CVE-2023-6897 - Ean For Woocommerce Plugin

The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the 'alg_wc_ean_product_meta' shortcode due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to expose potentially sensitive post metadata.

PLUGIN Ean For Woocommerce

CVE-2023-6897

MEDIUM CVSS 4.3 2024-04-18
Threat Entry Updated 2025-02-28

CVE-2024-2833 - Jobs For Wordpress Plugin

The Jobs for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘job-search’ parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Jobs For Wordpress

CVE-2024-2833

MEDIUM CVSS 6.1 2024-04-18
Threat Entry Updated 2026-01-13

CVE-2024-32597 - Wp Smart Import Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WordPress Importer allows Stored XSS. This issue affects WordPress Importer: from n/a through 1.0.7.

PLUGIN Wp Smart Import

CVE-2024-32597

MEDIUM CVSS 5.9 2024-04-18
Threat Entry Updated 2025-01-21

CVE-2024-1429 - Element Pack Plugin

The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tab_link’ attribute of the Panel Slider widget in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Element Pack

CVE-2024-1429

MEDIUM CVSS 6.4 2024-04-18