Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866
Critical: 0
High: 0
Medium: 10,866
Showing 7701-7720 of 10866 records
Threat Entry Updated 2025-01-08

CVE-2024-1236 - Essential Addons For Elementor Plugin

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Filterable Controls label icon parameter in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Essential Addons For Elementor

CVE-2024-1236

MEDIUM CVSS 6.4 2024-02-29
Threat Entry Updated 2025-01-15

CVE-2024-1235 - Addons For Elementor Plugin

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom class field in all versions up to, and including, 8.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Addons For Elementor

CVE-2024-1235

MEDIUM CVSS 6.4 2024-02-29
Threat Entry Updated 2025-01-19

CVE-2024-1218 - Contact Form Builder Plugin

The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with contributor access and higher, to obtain access to or modify forms or entries.

PLUGIN Contact Form Builder

CVE-2024-1218

MEDIUM CVSS 4.3 2024-02-29
Threat Entry Updated 2025-01-08

CVE-2024-1172 - Essential Addons For Elementor Plugin

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Essential Addons For Elementor

CVE-2024-1172

MEDIUM CVSS 5.4 2024-02-29
Threat Entry Updated 2025-01-08

CVE-2024-1171 - Essential Addons For Elementor Plugin

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery Widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Essential Addons For Elementor

CVE-2024-1171

MEDIUM CVSS 5.4 2024-02-29
Threat Entry Updated 2025-01-15

CVE-2024-1130 - Nex Forms Plugin

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_read() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to mark records as read.

PLUGIN Nex Forms

CVE-2024-1130

MEDIUM CVSS 5.3 2024-02-29
Threat Entry Updated 2025-01-15

CVE-2024-1133 - Tutor Lms Plugin

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q&A content due to a missing capability check when interacting with questions in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with subscriber access or higher, to interact with questions in courses in which they are not enrolled, including private courses.

PLUGIN Tutor Lms

CVE-2024-1133

MEDIUM CVSS 4.3 2024-02-29
Threat Entry Updated 2025-01-15

CVE-2024-1128 - Tutor Lms Plugin

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.6.0. This is due to insufficient sanitization of HTML input in the Q&A functionality. This makes it possible for authenticated attackers, with Student access and above, to inject arbitrary HTML onto a site, though it does not allow Cross-Site Scripting.

PLUGIN Tutor Lms

CVE-2024-1128

MEDIUM CVSS 5.4 2024-02-29
Threat Entry Updated 2025-01-15

CVE-2024-1129 - Nex Forms Plugin

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_starred() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to mark records as starred.

PLUGIN Nex Forms

CVE-2024-1129

MEDIUM CVSS 5.3 2024-02-29
Threat Entry Updated 2025-01-19

CVE-2024-1070 - Siteorigin Widgets Bundle Plugin

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the features attribute in all versions up to, and including, 1.58.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Siteorigin Widgets Bundle

CVE-2024-1070

MEDIUM CVSS 6.4 2024-02-29
Threat Entry Updated 2024-12-27

CVE-2024-1091 - Imagerecycle Pdf Image Compression Plugin

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reinitialize function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to remove all plugin data.

PLUGIN Imagerecycle Pdf Image Compression

CVE-2024-1091

MEDIUM CVSS 4.3 2024-02-29
Threat Entry Updated 2024-12-27

CVE-2024-1090 - Imagerecycle Pdf Image Compression Plugin

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stopOptimizeAll function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify image optimization settings.

PLUGIN Imagerecycle Pdf Image Compression

CVE-2024-1090

MEDIUM CVSS 4.3 2024-02-29
Threat Entry Updated 2024-12-27

CVE-2024-1089 - Imagerecycle Pdf Image Compression Plugin

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optimizeAllOn function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify image optimization settings.

PLUGIN Imagerecycle Pdf Image Compression

CVE-2024-1089

MEDIUM CVSS 4.3 2024-02-29
Threat Entry Updated 2025-02-27

CVE-2024-1043 - Accelerated Mobile Pages Plugin

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'amppb_remove_saved_layout_data' function in all versions up to, and including, 1.0.93.1. This makes it possible for authenticated attackers, with contributor access and above, to delete arbitrary posts on the site.

PLUGIN Accelerated Mobile Pages

CVE-2024-1043

MEDIUM CVSS 6.5 2024-02-29
Threat Entry Updated 2025-01-19

CVE-2024-1058 - Siteorigin Widgets Bundle Plugin

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 1.58.3 offers a partial fix.

PLUGIN Siteorigin Widgets Bundle

CVE-2024-1058

MEDIUM CVSS 6.4 2024-02-29
Threat Entry Updated 2025-02-05

CVE-2024-1054 - Booster For Woocommerce Plugin

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wcj_product_barcode' shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'color'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Booster For Woocommerce

CVE-2024-1054

MEDIUM CVSS 6.4 2024-02-29
Threat Entry Updated 2025-07-11

CVE-2024-1044 - Customer Reviews For Woocommerce Plugin

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_review' function in all versions up to, and including, 5.38.12. This makes it possible for unauthenticated attackers to submit reviews with arbitrary email addresses regardless of whether reviews are globally enabled.

PLUGIN Customer Reviews For Woocommerce

CVE-2024-1044

MEDIUM CVSS 5.3 2024-02-29
Threat Entry Updated 2024-12-27

CVE-2024-0984 - Imagerecycle Pdf Image Compression Plugin

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to disable the image optimization setting.

PLUGIN Imagerecycle Pdf Image Compression

CVE-2024-0984

MEDIUM CVSS 4.3 2024-02-29
Threat Entry Updated 2024-12-27

CVE-2024-0983 - Imagerecycle Pdf Image Compression Plugin

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to enable image optimization.

PLUGIN Imagerecycle Pdf Image Compression

CVE-2024-0983

MEDIUM CVSS 4.3 2024-02-29
Threat Entry Updated 2025-03-04

CVE-2024-0978 - My Private Site Plugin

The My Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.14 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's site privacy feature and view restricted page and post content.

PLUGIN My Private Site

CVE-2024-0978

MEDIUM CVSS 5.3 2024-02-29