"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866
Critical: 0
High: 0
Medium: 10,866
Showing 7681-7700 of 10866 records

Threat Entry Updated 2025-01-15

CVE-2024-1411 - Powerpack Addons For Elementor Plugin

The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the settings of the Twitter Buttons Widget in all versions up to, and including, 2.7.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Powerpack Addons For Elementor

CVE-2024-1411

MEDIUM CVSS 6.4 2024-02-29

Threat Entry Updated 2025-01-22

CVE-2024-1408 - Profilepress Plugin

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edit-profile-text-box shortcode in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping on user supplied attributes such as 'type'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Profilepress

CVE-2024-1408

MEDIUM CVSS 6.4 2024-02-29

Threat Entry Updated 2025-01-27

CVE-2024-1389 - Membership Content Restriction Paid Member Subscriptions Plugin

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all versions up to, and including, 2.11.1. This makes it possible for unauthenticated attackers to change the Stripe payment keys.

PLUGIN Membership Content Restriction Paid Member Subscriptions

CVE-2024-1389

MEDIUM CVSS 5.3 2024-02-29

Threat Entry Updated 2025-01-22

CVE-2024-1390 - Membership Content Restriction Paid Member Subscriptions Plugin

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creating_pricing_table_page function in all versions up to, and including, 2.11.1. This makes it possible for authenticated attackers, with subscriber access or higher, to create pricing tables.

PLUGIN Membership Content Restriction Paid Member Subscriptions

CVE-2024-1390

MEDIUM CVSS 4.3 2024-02-29

Threat Entry Updated 2024-12-31

CVE-2024-1349 - Embedpress Plugin

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Embedpress

CVE-2024-1349

MEDIUM CVSS 6.4 2024-02-29

Threat Entry Updated 2025-02-28

CVE-2024-1340 - Wp Login Lockdown Plugin

The Login Lockdown – Protect Login Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generate_export_file function in all versions up to, and including, 2.08. This makes it possible for authenticated attackers, with subscriber access and higher, to export this plugin's settings that include whitelisted IP addresses as well as a global unlock key. With the global unlock key an attacker can add their IP address to the whitelist.

PLUGIN Wp Login Lockdown

CVE-2024-1340

MEDIUM CVSS 5.4 2024-02-29

Threat Entry Updated 2024-12-31

CVE-2024-1339 - Imagerecycle Pdf Image Compression Plugin

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the reinitialize function. This makes it possible for unauthenticated attackers to remove all plugin data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Imagerecycle Pdf Image Compression

CVE-2024-1339

MEDIUM CVSS 4.3 2024-02-29

Threat Entry Updated 2024-12-31

CVE-2024-1338 - Imagerecycle Pdf Image Compression Plugin

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the stopOptimizeAll function. This makes it possible for unauthenticated attackers to modify image optimization settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Imagerecycle Pdf Image Compression

CVE-2024-1338

MEDIUM CVSS 4.3 2024-02-29

Threat Entry Updated 2025-02-28

CVE-2024-1337 - Skt Templates Plugin

The SKT Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveSktbuilderPageData' function in all versions up to, and including, 4.1. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary content into pages.

PLUGIN Skt Templates

CVE-2024-1337

MEDIUM CVSS 4.3 2024-02-29

Threat Entry Updated 2024-12-31

CVE-2024-1336 - Imagerecycle Pdf Image Compression Plugin

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the optimizeAllOn function. This makes it possible for unauthenticated attackers to modify image optimization settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Imagerecycle Pdf Image Compression

CVE-2024-1336

MEDIUM CVSS 4.3 2024-02-29

Threat Entry Updated 2024-12-31

CVE-2024-1318 - Rss Aggregator By Feedzy Plugin

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'feedzy_wizard_step_process' and 'import_status' functions in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with Contributor access and above, who are normally restricted to only being able to create posts rather than pages, to draft and publish posts with arbitrary content.

PLUGIN Rss Aggregator By Feedzy

CVE-2024-1318

MEDIUM CVSS 6.5 2024-02-29

Threat Entry Updated 2025-02-28

CVE-2024-1322 - Directorist Plugin

The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 7.8.4. This makes it possible for unauthenticated attackers to recreate default pages and enable or disable monetization and change map provider.

PLUGIN Directorist

CVE-2024-1322

MEDIUM CVSS 5.3 2024-02-29

Threat Entry Updated 2025-02-28

CVE-2024-1294 - Sunshine Photo Cart Plugin

The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.24 via the 'invoice'. This makes it possible for unauthenticated attackers to extract sensitive data including customer email and physical addresses.

PLUGIN Sunshine Photo Cart

CVE-2024-1294

MEDIUM CVSS 5.3 2024-02-29

Threat Entry Updated 2024-12-31

CVE-2024-1335 - Imagerecycle Pdf Image Compression Plugin

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the disableOptimization function. This makes it possible for unauthenticated attackers to disable the image optimization setting via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Imagerecycle Pdf Image Compression

CVE-2024-1335

MEDIUM CVSS 4.3 2024-02-29

Threat Entry Updated 2024-12-31

CVE-2024-1334 - Imagerecycle Pdf Image Compression Plugin

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the enableOptimization function. This makes it possible for unauthenticated attackers to enable image optimization via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Imagerecycle Pdf Image Compression

CVE-2024-1334

MEDIUM CVSS 4.3 2024-02-29

Threat Entry Updated 2025-03-04

CVE-2024-1282 - Email Encoder Plugin

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Email Encoder

CVE-2024-1282

MEDIUM CVSS 6.4 2024-02-29

Threat Entry Updated 2025-03-04

CVE-2024-1277 - Ocean Extra Plugin

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom fields in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Ocean Extra

CVE-2024-1277

MEDIUM CVSS 6.4 2024-02-29

Threat Entry Updated 2025-01-08

CVE-2024-1276 - Essential Addons For Elementor Plugin

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Content Ticker arrow attribute in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Essential Addons For Elementor

CVE-2024-1276

MEDIUM CVSS 6.4 2024-02-29

Threat Entry Updated 2025-03-11

CVE-2024-1288 - Schema & Structured Data for WP & AMP Plugin

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswp_reviews_form_render' function in all versions up to, and including, 1.26. This makes it possible for authenticated attackers, with contributor access and above, to modify the plugin's stored reCaptcha site and secret keys, potentially breaking the reCaptcha functionality.

PLUGIN Schema & Structured Data for WP & AMP

CVE-2024-1288

MEDIUM CVSS 4.3 2024-02-29

Threat Entry Updated 2025-08-15

CVE-2024-1242 - Premium Addons For Elementor Plugin

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Premium Addons For Elementor

CVE-2024-1242

MEDIUM CVSS 6.4 2024-02-29