Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2024-11-21
CVE-2024-0380 - Wp Recipe Maker Plugin
The WP Recipe Maker plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the 'icon' attribute used in Shortcodes. This makes it possible for authenticated attackers, with contributor-level access and above, to include the contents of SVG files on the server, which can be leveraged for Cross-Site Scripting.
PLUGIN
Wp Recipe Maker
CVE-2024-0380
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-0374 - Views For Wpforms Plugin
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'create_view' function. This makes it possible for unauthenticated attackers to create views via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Views For Wpforms
CVE-2024-0374
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-0373 - Views For Wpforms Plugin
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'save_view' function. This makes it possible for unauthenticated attackers to modify arbitrary post titles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Views For Wpforms
CVE-2024-0373
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-0372 - Views For Wpforms Plugin
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_form_fields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views.
PLUGIN
Views For Wpforms
CVE-2024-0372
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-0371 - Views For Wpforms Plugin
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'create_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views.
PLUGIN
Views For Wpforms
CVE-2024-0371
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-0370 - Views For Wpforms Plugin
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts.
PLUGIN
Views For Wpforms
CVE-2024-0370
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-0366 - Starbox Plugin
The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences and potentially other user settings.
PLUGIN
Starbox
CVE-2024-0366
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-0255 - Wp Recipe Maker Plugin
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprm-recipe-text-share' shortcode in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Wp Recipe Maker
CVE-2024-0255
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-0254 - Simply Guest Author Name Plugin
The (Simply) Guest Author Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post meta in all versions up to, and including, 4.34 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Simply Guest Author Name
CVE-2024-0254
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-7029 - Maxbuttons Plugin
The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was partially fixed in version 9.7.6.
PLUGIN
Maxbuttons
CVE-2023-7029
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-6985 - Ai Assistant Plugin
The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins that can be used to gain further access to a compromised site.
PLUGIN
Ai Assistant
CVE-2023-6985
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-6982 - Display Custom Fields In The Frontend Post And User Profile Fields Plugin
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Display Custom Fields In The Frontend Post And User Profile Fields
CVE-2023-6982
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-7014 - Molongui Authorship Plugin
The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data including post author emails and names if applicable.
PLUGIN
Molongui Authorship
CVE-2023-7014
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-6983 - Display Custom Fields In The Frontend Post And User Profile Fields Plugin
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vg_display_data shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive post meta.
PLUGIN
Display Custom Fields In The Frontend Post And User Profile Fields
CVE-2023-6983
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-6884 - Plugin For Google Reviews
This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the 'place_id' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Plugin For Google Reviews
CVE-2023-6884
Risk Score
Threat Entry
Updated 2024-11-25
CVE-2023-6963 - Getwid Plugin
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array.
PLUGIN
Getwid
CVE-2023-6963
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-6953 - Pdf Generator For Fluent Forms Plugin
The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The exploitation level depends on who is granted the right to create forms by an administrator. This level can be as low…
PLUGIN
Pdf Generator For Fluent Forms
CVE-2023-6953
Risk Score
Threat Entry
Updated 2024-11-25
CVE-2023-6959 - Getwid Plugin
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete the 'Recaptcha Site Key' and 'Recaptcha Secret Key' settings.
PLUGIN
Getwid
CVE-2023-6959
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-6808 - Amelia Plugin
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Amelia
CVE-2023-6808
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-6807 - Generatepress Plugin
The GeneratePress Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom meta output in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Generatepress
CVE-2023-6807
Risk Score