"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866
Critical: 0
High: 0
Medium: 10,866
Showing 7841-7860 of 10866 records
Threat Entry Updated 2024-11-21

CVE-2024-1078 - Quiz Maker Plugin

The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary quizzes.

PLUGIN Quiz Maker

CVE-2024-1078

MEDIUM CVSS 4.3 2024-02-07

Threat Entry Updated 2024-11-21

CVE-2024-0977 - Timeline Widget For Elementor Plugin

The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, changes the slideshow type, and then changes it back to an image.

PLUGIN Timeline Widget For Elementor

CVE-2024-0977

MEDIUM CVSS 4.4 2024-02-07

Threat Entry Updated 2024-11-21

CVE-2024-1055 - Powerpack Addons For Elementor Plugin

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's buttons in all versions up to, and including, 2.7.14 due to insufficient input sanitization and output escaping on user supplied URL values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Powerpack Addons For Elementor

CVE-2024-1055

MEDIUM CVSS 5.4 2024-02-07

Threat Entry Updated 2024-11-21

CVE-2024-1037 - All In One Security Plugin

The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN All In One Security

CVE-2024-1037

MEDIUM CVSS 6.1 2024-02-07

Threat Entry Updated 2024-11-21

CVE-2024-0256 - Starbox Plugin

The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Starbox

CVE-2024-0256

MEDIUM CVSS 6.4 2024-02-07

Threat Entry Updated 2024-11-21

CVE-2024-1210 - Learndash Plugin

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes.

PLUGIN Learndash

CVE-2024-1210

MEDIUM CVSS 5.3 2024-02-05

Threat Entry Updated 2024-11-21

CVE-2024-1209 - Learndash Plugin

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.

PLUGIN Learndash

CVE-2024-1209

MEDIUM CVSS 5.3 2024-02-05

Threat Entry Updated 2024-11-21

CVE-2024-1208 - Learndash Plugin

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.

PLUGIN Learndash

CVE-2024-1208

MEDIUM CVSS 5.3 2024-02-05

Threat Entry Updated 2024-11-21

CVE-2024-1177 - Wp Club Manager Plugin

The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs.

PLUGIN Wp Club Manager

CVE-2024-1177

MEDIUM CVSS 5.3 2024-02-05

Threat Entry Updated 2024-11-21

CVE-2024-1121 - Advanced Forms For Acf Plugin

The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_json_file() function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings.

PLUGIN Advanced Forms For Acf

CVE-2024-1121

MEDIUM CVSS 5.3 2024-02-05

Threat Entry Updated 2024-11-21

CVE-2024-1092 - Rss Aggregator By Feedzy Plugin

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with contributor access or higher, to create, edit or delete feed categories created by them.

PLUGIN Rss Aggregator By Feedzy

CVE-2024-1092

MEDIUM CVSS 4.3 2024-02-05

Threat Entry Updated 2024-11-21

CVE-2024-1046 - Profilepress Plugin

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'reg-number-field' shortcode in all versions up to, and including, 4.14.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Profilepress

CVE-2024-1046

MEDIUM CVSS 6.4 2024-02-05

Threat Entry Updated 2024-11-21

CVE-2024-0961 - Siteorigin Widgets Bundle Plugin

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Siteorigin Widgets Bundle

CVE-2024-0961

MEDIUM CVSS 6.4 2024-02-05

Threat Entry Updated 2024-11-21

CVE-2024-0954 - Essential Addons For Elementor Plugin

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting through editing context via the 'data-eael-wrapper-link' wrapper in all versions up to, and including, 5.9.7 due to insufficient input sanitization and output escaping on user supplied protocols. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Essential Addons For Elementor

CVE-2024-0954

MEDIUM CVSS 6.4 2024-02-05

Threat Entry Updated 2024-11-21

CVE-2024-0969 - Armember Plugin

The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Default Restriction" feature and view restricted post content.

PLUGIN Armember

CVE-2024-0969

MEDIUM CVSS 5.3 2024-02-05

Threat Entry Updated 2024-11-21

CVE-2024-0859 - Affiliates Manager Plugin

The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.34. This is due to missing or incorrect nonce validation on the process_bulk_action function in ListAffiliatesTable.php. This makes it possible for unauthenticated attackers to delete affiliates via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Affiliates Manager

CVE-2024-0859

MEDIUM CVSS 4.3 2024-02-05

Threat Entry Updated 2024-11-21

CVE-2024-0834 - Elementor Addon Elements Plugin

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_to parameter in all versions up to, and including, 1.12.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Elementor Addon Elements

CVE-2024-0834

MEDIUM CVSS 6.4 2024-02-05

Threat Entry Updated 2024-11-21

CVE-2024-0823 - Exclusive Addons For Elementor Plugin

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' URL in carousels in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Exclusive Addons For Elementor

CVE-2024-0823

MEDIUM CVSS 5.4 2024-02-05

Threat Entry Updated 2024-11-21

CVE-2024-0835 - Royal Elementor Kit Plugin

The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissed_handler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note that these transients can only be updated to true and not arbitrary values.

PLUGIN Royal Elementor Kit

CVE-2024-0835

MEDIUM CVSS 4.3 2024-02-05

Threat Entry Updated 2025-05-15

CVE-2024-0797 - Woot Plugin

The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible for subscribers and higher to execute functions intended for admin use.

PLUGIN Woot

CVE-2024-0797

MEDIUM CVSS 4.3 2024-02-05