Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866 (Critical: 0, High: 0, Medium: 10,866)
Showing 7821-7840 of 10866 records
CVE-2023-6591 - Before 20 Plugin
(Threat entry updated 2024-11-21)

The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

Plugin: Before 20 | Severity: MEDIUM | CVSS 4.8 | 2024-02-12
CVE-2024-0248 - Before 2 Plugin
(Threat entry updated 2025-05-07)

The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated user, such as a subscriber, to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9.

Plugin: Before 2 | Severity: MEDIUM | CVSS 4.3 | 2024-02-12
CVE-2023-6501 - Splashscreen Plugin
(Threat entry updated 2024-11-21)

The Splashscreen WordPress plugin through 0.20 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

Plugin: Splashscreen | Severity: MEDIUM | CVSS 4.3 | 2024-02-12
CVE-2024-24887 - Contest Gallery Plugin
(Threat entry updated 2024-11-21)

Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress. This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress: from n/a through 21.2.8.4.

Plugin: Contest Gallery | Severity: MEDIUM | CVSS 5.4 | 2024-02-12
CVE-2023-47526 - Chartify Plugin
(Threat entry updated 2024-11-21)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chart Builder Team Chartify – WordPress Chart Plugin allows Stored XSS. This issue affects Chartify – WordPress Chart Plugin: from n/a through 2.0.6.

Plugin: Chartify | Severity: MEDIUM | CVSS 5.9 | 2024-02-12
CVE-2024-23517 - Scheduling Plugin
(Threat entry updated 2024-11-21)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Start Booking Scheduling Plugin – Online Booking for WordPress allows Stored XSS. This issue affects Scheduling Plugin – Online Booking for WordPress: from n/a through 3.5.10.

Plugin: Scheduling | Severity: MEDIUM | CVSS 6.5 | 2024-02-10
CVE-2023-51404 - My Agile Privacy Plugin
(Threat entry updated 2024-11-21)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyAgilePrivacy My Agile Privacy – The only GDPR solution for WordPress that you can truly trust allows Stored XSS. This issue affects My Agile Privacy – The only GDPR solution for WordPress that you can truly trust: from n/a through 2.1.7.

Plugin: My Agile Privacy | Severity: MEDIUM | CVSS 6.5 | 2024-02-10
CVE-2024-24801 - Owl Carousel Plugin
(Threat entry updated 2024-11-21)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt OWL Carousel – WordPress Owl Carousel Slider allows Stored XSS. This issue affects OWL Carousel – WordPress Owl Carousel Slider: from n/a through 1.4.0.

Plugin: Owl Carousel | Severity: MEDIUM | CVSS 6.5 | 2024-02-10
CVE-2024-24713 - Auto Listings Plugin
(Threat entry updated 2024-11-21)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Auto Listings Auto Listings – Car Listings & Car Dealership Plugin for WordPress allows Stored XSS. This issue affects Auto Listings – Car Listings & Car Dealership Plugin for WordPress: from n/a through 2.6.5.

Plugin: Auto Listings | Severity: MEDIUM | CVSS 6.5 | 2024-02-10
CVE-2024-24712 - Social Login Plugin
(Threat entry updated 2024-11-21)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login WordPress allows Stored XSS. This issue affects Heateor Social Login WordPress: from n/a through 1.1.30.

Plugin: Social Login | Severity: MEDIUM | CVSS 6.5 | 2024-02-10
CVE-2024-0596 - Awesome Support Plugin
(Threat entry updated 2024-11-21)

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view password protected and draft posts.

Plugin: Awesome Support | Severity: MEDIUM | CVSS 5.3 | 2024-02-10
CVE-2024-0595 - Awesome Support Plugin
(Threat entry updated 2024-11-21)

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve user data such as emails.

Plugin: Awesome Support | Severity: MEDIUM | CVSS 4.3 | 2024-02-10
CVE-2024-1122 - Eventin Plugin
(Threat entry updated 2024-11-21)

The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data.

Plugin: Eventin | Severity: MEDIUM | CVSS 5.3 | 2024-02-09
CVE-2024-0657 - Internal Link Juicer Plugin
(Threat entry updated 2024-11-21)

The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'ilj_settings_field_links_per_page' in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Plugin: Internal Link Juicer | Severity: MEDIUM | CVSS 4.4 | 2024-02-09
CVE-2024-0965 - Simple Page Access Restriction Plugin
(Threat entry updated 2024-11-21)

The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content.

Plugin: Simple Page Access Restriction | Severity: MEDIUM | CVSS 5.3 | 2024-02-08
CVE-2024-0511 - Royal Elementor Addons Plugin
(Threat entry updated 2024-11-21)

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wpr_update_form_action_meta function. This makes it possible for unauthenticated attackers to post metadata via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

Plugin: Royal Elementor Addons | Severity: MEDIUM | CVSS 4.3 | 2024-02-08
CVE-2023-5665 - Payment Forms For Paystack Plugin
(Threat entry updated 2024-11-21)

The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-32130 is likely a duplicate of this issue.

Plugin: Payment Forms For Paystack | Severity: MEDIUM | CVSS 6.4 | 2024-02-08
CVE-2024-1110 - Podlove Podcast Publisher Plugin
(Threat entry updated 2025-05-15)

The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings.

Plugin: Podlove Podcast Publisher | Severity: MEDIUM | CVSS 5.3 | 2024-02-07
CVE-2024-1109 - Podlove Podcast Publisher Plugin
(Threat entry updated 2024-11-21)

The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information.

Plugin: Podlove Podcast Publisher | Severity: MEDIUM | CVSS 5.3 | 2024-02-07
CVE-2024-1079 - Quiz Maker Plugin
(Threat entry updated 2024-11-21)

The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain PII.

Plugin: Quiz Maker | Severity: MEDIUM | CVSS 5.3 | 2024-02-07