Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-02-07
CVE-2024-1053 - Event Tickets Plugin
The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to email the attendees list to themselves.
PLUGIN
Event Tickets
CVE-2024-1053
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-24837 - WooCommerce Plugin
Cross-Site Request Forgery (CSRF) vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce, Frédéric GILLES FG Drupal to WordPress, Frédéric GILLES FG Joomla to WordPress.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.44.3; FG Drupal to WordPress: from n/a through 3.67.0; FG Joomla to WordPress: from n/a through 4.15.0.
PLUGIN
WooCommerce
CVE-2024-24837
Risk Score
Threat Entry
Updated 2025-02-04
CVE-2024-1081 - 3d Flipbook Plugin
The 3D FlipBook – PDF Flipbook WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bookmark feature in all versions up to, and including, 1.15.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
3d Flipbook
CVE-2024-1081
Risk Score
Threat Entry
Updated 2025-01-31
CVE-2024-0593 - Simple Job Board Plugin
The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information.
PLUGIN
Simple Job Board
CVE-2024-0593
Risk Score
Threat Entry
Updated 2025-03-07
CVE-2024-1562 - Woocommerce Google Sheet Connector Plugin
The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the execute_post_data function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin settings.
PLUGIN
Woocommerce Google Sheet Connector
CVE-2024-1562
Risk Score
Threat Entry
Updated 2025-02-26
CVE-2024-1501 - Wp Database Reset Plugin
The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.22. This is due to missing or incorrect nonce validation on the install_wpr() function. This makes it possible for unauthenticated attackers to install the WP Reset Plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Wp Database Reset
CVE-2024-1501
Risk Score
Threat Entry
Updated 2025-01-28
CVE-2024-1108 - Plugin Groups
The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_init() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can also cause a denial of service due to a misconfiguration.
PLUGIN
Plugin Groups
CVE-2024-1108
Risk Score
Threat Entry
Updated 2025-02-05
CVE-2024-1559 - Link Library Plugin
The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'll_reciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Link Library
CVE-2024-1559
Risk Score
Threat Entry
Updated 2025-02-04
CVE-2024-1510 - Shortcodes Ultimate Plugin
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_tooltip shortcode in all versions up to, and including, 7.0.2 due to insufficient input sanitization and output escaping on user supplied attributes and user supplied tags. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Shortcodes Ultimate
CVE-2024-1510
Risk Score
Threat Entry
Updated 2025-01-23
CVE-2024-0708 - Landing Page Cat Plugin
The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers to access landing pages that may not be public.
PLUGIN
Landing Page Cat
CVE-2024-0708
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-1159 - Bold Page Builder Plugin
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Bold Page Builder
CVE-2024-1159
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-1160 - Bold Page Builder Plugin
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Link in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Bold Page Builder
CVE-2024-1160
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-1157 - Bold Page Builder Plugin
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button URL in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Bold Page Builder
CVE-2024-1157
Risk Score
Threat Entry
Updated 2025-03-26
CVE-2024-0250 - Before 6 Plugin
The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
PLUGIN
Before 6
CVE-2024-0250
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-0420 - Mappress Maps For Plugin
The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks
PLUGIN
Mappress Maps For
CVE-2024-0420
Risk Score
Threat Entry
Updated 2025-05-06
CVE-2023-6499 - Lastunes Plugin
The lasTunes WordPress plugin through 3.6.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
PLUGIN
Lastunes
CVE-2023-6499
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-6082 - Chartjs Plugin
The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Chartjs
CVE-2023-6082
Risk Score
Threat Entry
Updated 2025-05-06
CVE-2023-6081 - Chartjs Plugin
The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Chartjs
CVE-2023-6081
Risk Score
Threat Entry
Updated 2025-05-07
CVE-2024-0421 - Mappress Maps For Plugin
The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts.
PLUGIN
Mappress Maps For
CVE-2024-0421
Risk Score
Threat Entry
Updated 2025-03-14
CVE-2023-7233 - Gigpress Plugin
The GigPress WordPress plugin through 2.3.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Gigpress
CVE-2023-7233
Risk Score