"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866
Critical: 0
High: 0
Medium: 10,866
Showing 7341-7360 of 10866 records

Threat Entry Updated 2024-11-21

CVE-2023-5692 - WordPress Core

WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set to 'false'.

CORE WordPress Core

CVE-2023-5692

MEDIUM CVSS 5.3 2024-04-05

Threat Entry Updated 2025-05-13

CVE-2024-2509 - Gutenberg Blocks By Kadence Blocks Plugin

The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Gutenberg Blocks By Kadence Blocks

CVE-2024-2509

MEDIUM CVSS 6.5 2024-04-05

Threat Entry Updated 2026-01-02

CVE-2024-31211 - WordPress Core

WordPress is an open publishing platform for the Web. Unserialization of instances of the `WP_HTML_Token` class allows for code execution via its `__destruct()` magic method. This issue was fixed in WordPress 6.4.2 on December 6th, 2023. Versions prior to 6.4.0 are not affected.

CORE WordPress Core

CVE-2024-31211

MEDIUM CVSS 5.5 2024-04-04

Threat Entry Updated 2024-11-21

CVE-2024-1418 - Cgc Maintenance Mode Plugin

The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2 via the REST API. This makes it possible for unauthenticated attackers to view protected posts via REST API even when maintenance mode is enabled.

PLUGIN Cgc Maintenance Mode

CVE-2024-1418

MEDIUM CVSS 5.3 2024-04-04

Threat Entry Updated 2025-02-07

CVE-2024-2919 - Gutenberg Blocks With Ai Plugin

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CountUp Widget in all versions up to, and including, 3.2.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Gutenberg Blocks With Ai

CVE-2024-2919

MEDIUM CVSS 6.4 2024-04-04

Threat Entry Updated 2024-11-21

CVE-2024-2830 - WordPress Tag and Category Manager – AI Autotagger Plugin

The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'st_tag_cloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN WordPress Tag and Category Manager – AI Autotagger

CVE-2024-2830

MEDIUM CVSS 6.4 2024-04-04

Threat Entry Updated 2025-10-02

CVE-2024-2868 - Shoplentor Plugin

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Shoplentor

CVE-2024-2868

MEDIUM CVSS 6.4 2024-04-04

Threat Entry Updated 2024-11-21

CVE-2024-3030 - Announce From The Dashboard Plugin

The Announce from the Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

PLUGIN Announce From The Dashboard

CVE-2024-3030

MEDIUM CVSS 4.4 2024-04-04

Threat Entry Updated 2025-01-16

CVE-2024-2803 - Elements Kit Elementor Addons Plugin

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Elements Kit Elementor Addons

CVE-2024-2803

MEDIUM CVSS 6.4 2024-04-04

Threat Entry Updated 2025-04-07

CVE-2024-2322 - Woocommerce Cart Abandonment Recovery Plugin

The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have a CSRF check in its bulk actions, which could allow attackers to make logged-in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks.

PLUGIN Woocommerce Cart Abandonment Recovery

CVE-2024-2322

MEDIUM CVSS 6.8 2024-04-03

Threat Entry Updated 2025-01-15

CVE-2024-3162 - Jeg Elementor Kit Plugin

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget Attributes in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-32721 is likely a duplicate of this issue.

PLUGIN Jeg Elementor Kit

CVE-2024-3162

MEDIUM CVSS 6.4 2024-04-03

Threat Entry Updated 2025-01-15

CVE-2024-1327 - Jeg Elementor Kit Plugin

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image box widget in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Jeg Elementor Kit

CVE-2024-1327

MEDIUM CVSS 6.4 2024-04-03

Threat Entry Updated 2024-11-21

CVE-2024-1807 - Product Sort And Display For Woocommerce Plugin

The Product Sort and Display for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the psad_update_product_cat_custom_meta_ajax function in all versions up to, and including, 2.4.1. This makes it possible for unauthenticated attackers to hide product categories.

PLUGIN Product Sort And Display For Woocommerce

CVE-2024-1807

MEDIUM CVSS 6.5 2024-04-02

Threat Entry Updated 2024-11-21

CVE-2024-1946 - Genesis Blocks Plugin

The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Genesis Blocks

CVE-2024-1946

MEDIUM CVSS 6.4 2024-04-02

Threat Entry Updated 2024-11-21

CVE-2024-1732 - Sharkdropship Dropshipping & Affiliate for AliExpress Plugin

The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wads_removeProductFromShop() function in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers to delete arbitrary posts.

PLUGIN Sharkdropship Dropshipping & Affiliate for AliExpress

CVE-2024-1732

MEDIUM CVSS 5.3 2024-04-02

Threat Entry Updated 2025-08-27

CVE-2024-2931 - Wpfront User Role Editor Plugin

The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve a list of the email addresses of all users who are registered on the site.

PLUGIN Wpfront User Role Editor

CVE-2024-2931

MEDIUM CVSS 4.3 2024-04-02

Threat Entry Updated 2025-01-08

CVE-2024-2925 - Beaver Builder Plugin

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 2.8.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Beaver Builder

CVE-2024-2925

MEDIUM CVSS 6.4 2024-04-02

Threat Entry Updated 2025-01-28

CVE-2024-2839 - Colibri Page Builder Plugin

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_post_title' shortcode in all versions up to, and including, 1.0.263 due to insufficient input sanitization and output escaping on user supplied attributes such as 'heading_type'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Colibri Page Builder

CVE-2024-2839

MEDIUM CVSS 6.4 2024-04-02

Threat Entry Updated 2024-11-21

CVE-2024-2924 - Creative Addons For Elementor Plugin

The Creative Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.5.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Creative Addons For Elementor

CVE-2024-2924

MEDIUM CVSS 6.4 2024-04-02