
"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866
Critical: 0
High: 0
Medium: 10,866
Showing 7961-7980 of 10866 records
Threat Entry Updated 2025-06-11

CVE-2023-5006 - Wp Discord Invite Plugin

The WP Discord Invite WordPress plugin before 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform those actions on a logged-in administrator's behalf by tricking the administrator into submitting a crafted request.

PLUGIN Wp Discord Invite

CVE-2023-5006

MEDIUM CVSS 6.5 2024-01-17
Threat Entry Updated 2025-05-09

CVE-2024-0239 - Contact Form 7 Connector Plugin

The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators.

PLUGIN Contact Form 7 Connector

CVE-2024-0239

MEDIUM CVSS 6.1 2024-01-16
Threat Entry Updated 2025-06-02

CVE-2024-0238 - Eventon Premium Plugin

The EventON Premium WordPress plugin before 4.5.6 and the EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action and do not ensure that the post to be updated belongs to the plugin, allowing unauthenticated users to update arbitrary post metadata.

PLUGIN Eventon Premium

CVE-2024-0238

MEDIUM CVSS 6.1 2024-01-16
Threat Entry Updated 2025-06-20

CVE-2024-0233 - Before 2 Plugin

The EventON WordPress plugin before 4.5.5 and the EventON WordPress plugin before 2.2.7 do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site Scripting issue which could be used against high privilege users such as admin.

PLUGIN Before 2

CVE-2024-0233

MEDIUM CVSS 6.1 2024-01-16
Threat Entry Updated 2025-05-22

CVE-2024-0187 - Community By Peepso Plugin

The Community by PeepSo WordPress plugin before 6.3.1.2 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to a Reflected Cross-Site Scripting issue which could be used against high privilege users such as admin.

PLUGIN Community By Peepso

CVE-2024-0187

MEDIUM CVSS 6.1 2024-01-16
Threat Entry Updated 2026-02-27

CVE-2023-7151 - Product Enquiry For Woocommerce Plugin

The Product Enquiry for WooCommerce WordPress plugin before 3.2 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Product Enquiry For Woocommerce

CVE-2023-7151

MEDIUM CVSS 6.1 2024-01-16
Threat Entry Updated 2025-06-20

CVE-2023-7084 - Voting Record Plugin

The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated user, such as a subscriber, to perform Stored XSS attacks.

PLUGIN Voting Record

CVE-2023-7084

MEDIUM CVSS 5.4 2024-01-16
Threat Entry Updated 2025-06-02

CVE-2024-0237 - Before 2 Plugin

The EventON WordPress plugin through 4.5.8 and the EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details, etc.

PLUGIN Before 2

CVE-2024-0237

MEDIUM CVSS 5.3 2024-01-16
Threat Entry Updated 2025-06-20

CVE-2024-0236 - Before 2 Plugin

The EventON WordPress plugin before 4.5.5 and the EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set (for example for Zoom).

PLUGIN Before 2

CVE-2024-0236

MEDIUM CVSS 5.3 2024-01-16
Threat Entry Updated 2025-06-20

CVE-2024-0235 - Before 2 Plugin

The EventON WordPress plugin before 4.5.5 and the EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.

PLUGIN Before 2

CVE-2024-0235

MEDIUM CVSS 5.3 2024-01-16
Threat Entry Updated 2024-11-21

CVE-2023-7154 - Before 1 Plugin

The Hubbub Lite (formerly Grow Social) WordPress plugin before 1.32.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Before 1

CVE-2023-7154

MEDIUM CVSS 4.8 2024-01-16
Threat Entry Updated 2025-06-17

CVE-2023-7125 - Community By Peepso Plugin

The Community by PeepSo WordPress plugin before 6.3.1.2 does not have a CSRF check when creating a user post (visible on their wall in their profile page), which could allow attackers to make logged-in users perform such an action via a CSRF attack.

PLUGIN Community By Peepso

CVE-2023-7125

MEDIUM CVSS 4.3 2024-01-16
Threat Entry Updated 2025-06-11

CVE-2023-6824 - Wp Customer Area Plugin

The WP Customer Area WordPress plugin before 8.2.1 does not properly validate user capabilities in some of its AJAX actions, allowing any user to retrieve another user's account address.

PLUGIN Wp Customer Area

CVE-2023-6824

MEDIUM CVSS 6.5 2024-01-16
Threat Entry Updated 2024-11-21

CVE-2023-5558 - Before 4 Plugin

The LearnPress WordPress plugin before 4.2.5.5 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Before 4

CVE-2023-5558

MEDIUM CVSS 6.1 2024-01-16
Threat Entry Updated 2025-06-02

CVE-2023-7083 - Voting Record Plugin

The Voting Record WordPress plugin through 2.0 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Voting Record

CVE-2023-7083

MEDIUM CVSS 5.4 2024-01-16
Threat Entry Updated 2025-06-20

CVE-2023-4757 - Before 1 Plugin

The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious JavaScript which could be used against high-privilege users such as a site admin.

PLUGIN Before 1

CVE-2023-4757

MEDIUM CVSS 5.4 2024-01-16
Threat Entry Updated 2025-06-02

CVE-2023-6732 - Ultimate Maps By Supsystic Plugin

The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

PLUGIN Ultimate Maps By Supsystic

CVE-2023-6732

MEDIUM CVSS 4.8 2024-01-16
Threat Entry Updated 2025-06-13

CVE-2023-6046 - Before 2 Plugin

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfiltered_html capability is disallowed.

PLUGIN Before 2

CVE-2023-6046

MEDIUM CVSS 4.8 2024-01-16
Threat Entry Updated 2025-06-20

CVE-2023-6005 - Before 2 Plugin

The EventON WordPress plugin before 4.5.5 and the EventON WordPress plugin before 2.2.7 do not sanitize and escape some of their settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 2

CVE-2023-6005

MEDIUM CVSS 4.8 2024-01-16