Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-02-04
CVE-2024-1948 - Getwid Plugin
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Getwid
CVE-2024-1948
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-1984 - Graphene Plugin
The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source.
PLUGIN
Graphene
CVE-2024-1984
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-1850 - AI Post Generator | AutoWriter Plugin
The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized access, modification or deletion of posts due to a missing capability check on functions hooked by AJAX actions in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with subscriber access or higher, to view all posts generated with this plugin (even in non-published status), create new posts (and publish them), publish unpublished post or perform post deletions.
PLUGIN
AI Post Generator | AutoWriter
CVE-2024-1850
Risk Score
Threat Entry
Updated 2025-01-17
CVE-2024-1904 - Masterstudy Lms Plugin
The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose draft post titles and excerpts.
PLUGIN
Masterstudy Lms
CVE-2024-1904
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-1790 - WordPress Infinite Scroll – Ajax Load More Plugin
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 7.0.1 via the 'type' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. This is limited to Windows instances.
PLUGIN
WordPress Infinite Scroll – Ajax Load More
CVE-2024-1790
Risk Score
Threat Entry
Updated 2025-01-07
CVE-2024-1498 - Happy Addons For Elementor Plugin
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Photo Stack Widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Happy Addons For Elementor
CVE-2024-1498
Risk Score
Threat Entry
Updated 2025-01-17
CVE-2024-1466 - Addons For Elementor Plugin
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slider_style’ attribute of the Posts Multislider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-27986 may be a duplicate of this issue.
PLUGIN
Addons For Elementor
CVE-2024-1466
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-1641 - Accordion Plugin
The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordions_duplicate_post_as_draft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers, with contributor access and above, to duplicate arbitrary posts, allowing access to the contents of password-protected posts.
PLUGIN
Accordion
CVE-2024-1641
Risk Score
Threat Entry
Updated 2025-09-30
CVE-2024-1587 - Newsmatic Plugin
The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and post content.
PLUGIN
Newsmatic
CVE-2024-1587
Risk Score
Threat Entry
Updated 2025-02-27
CVE-2024-1571 - Wp Recipe Maker Plugin
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to, and including, 9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the recipe dashboard (which is administrator-only by default but can be assigned to arbitrary capabilities), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Wp Recipe Maker
CVE-2024-1571
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-1637 - 360 Javascript Viewer Plugin
The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, and including, 1.7.12. This makes it possible for authenticated attackers, with subscriber access or higher, to update plugin settings.
PLUGIN
360 Javascript Viewer
CVE-2024-1637
Risk Score
Threat Entry
Updated 2025-01-17
CVE-2024-1465 - Addons For Elementor Plugin
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘carousel_skin’ attribute of the Posts Carousel widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Addons For Elementor
CVE-2024-1465
Risk Score
Threat Entry
Updated 2025-01-17
CVE-2024-1464 - Addons For Elementor Plugin
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Posts Slider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Addons For Elementor
CVE-2024-1464
Risk Score
Threat Entry
Updated 2025-01-17
CVE-2024-1461 - Addons For Elementor Plugin
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Team Members widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Addons For Elementor
CVE-2024-1461
Risk Score
Threat Entry
Updated 2025-01-17
CVE-2024-1458 - Addons For Elementor Plugin
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘text_alignment’ attribute of the Animated Text widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Addons For Elementor
CVE-2024-1458
Risk Score
Threat Entry
Updated 2025-02-27
CVE-2024-1424 - Givewp Plugin
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Givewp
CVE-2024-1424
Risk Score
Threat Entry
Updated 2025-01-09
CVE-2024-1463 - Learnpress Plugin
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with LP Instructor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Learnpress
CVE-2024-1463
Risk Score
Threat Entry
Updated 2025-01-17
CVE-2024-1352 - Classified Listing Plugin
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() rtcl_import_category() functions in all versions up to, and including, 3.0.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create terms.
PLUGIN
Classified Listing
CVE-2024-1352
Risk Score
Threat Entry
Updated 2025-01-22
CVE-2024-1412 - Memberpress Plugin
The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message’ and 'error' parameters in all versions up to, and including, 1.11.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Note - the issue was partially patched in 1.11.25, but could still potentially be exploited under some circumstances.
PLUGIN
Memberpress
CVE-2024-1412
Risk Score
Threat Entry
Updated 2025-01-07
CVE-2024-1387 - Happy Addons For Elementor Plugin
The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization on the duplicate_thing() function in all versions up to, and including, 3.10.4. This makes it possible for attackers, with contributor-level access and above, to clone arbitrary posts (including private and password protected ones) which may lead to information exposure.
PLUGIN
Happy Addons For Elementor
CVE-2024-1387
Risk Score