Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2024-11-21
CVE-2023-51406 - Fastdup Plugin
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FastDup – Fastest WordPress Migration & Duplicator.This issue affects FastDup – Fastest WordPress Migration & Duplicator: from n/a through 2.1.7.
PLUGIN
Fastdup
CVE-2023-51406
Risk Score
Threat Entry
Updated 2025-06-18
CVE-2023-6627 - Before 9 Plugin
The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site.
PLUGIN
Before 9
CVE-2023-6627
Risk Score
Threat Entry
Updated 2025-06-18
CVE-2023-6555 - Email Subscription Popup Plugin
The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Email Subscription Popup
CVE-2023-6555
Risk Score
Threat Entry
Updated 2025-06-18
CVE-2023-6529 - Before 8 Plugin
The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities.
PLUGIN
Before 8
CVE-2023-6529
Risk Score
Threat Entry
Updated 2025-06-17
CVE-2023-6161 - Wp Crowdfunding Plugin
The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Wp Crowdfunding
CVE-2023-6161
Risk Score
Threat Entry
Updated 2025-06-18
CVE-2023-6141 - Essential Real Estate Plugin
The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks.
PLUGIN
Essential Real Estate
CVE-2023-6141
Risk Score
Threat Entry
Updated 2025-06-03
CVE-2023-6139 - Essential Real Estate Plugin
The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Denial of Service attacks.
PLUGIN
Essential Real Estate
CVE-2023-6139
Risk Score
Threat Entry
Updated 2025-06-18
CVE-2023-5911 - Wp Custom Cursors Wordpress Cursor Plugin
The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Wp Custom Cursors Wordpress Cursor
CVE-2023-5911
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-6801 - Rss Aggregator By Feedzy Plugin
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Rss Aggregator By Feedzy
CVE-2023-6801
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-6798 - Rss Aggregator By Feedzy Plugin
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with author-level access or above to change the plugin's settings including proxy settings, which are also exposed to authors.
PLUGIN
Rss Aggregator By Feedzy
CVE-2023-6798
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-52124 - Responsive Tabs Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS.This issue affects WP Tabs – Responsive Tabs Plugin for WordPress: from n/a through 2.2.0.
PLUGIN
Responsive Tabs
CVE-2023-52124
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-52119 - Icegram Engage Plugin
Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.18.
PLUGIN
Icegram Engage
CVE-2023-52119
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-51538 - Awesome Support Plugin
Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin.This issue affects Awesome Support – WordPress HelpDesk & Support Plugin: from n/a through 6.1.5.
PLUGIN
Awesome Support
CVE-2023-51538
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-52128 - White Label Plugin
Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard.This issue affects White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard: from n/a through 2.9.0.
PLUGIN
White Label
CVE-2023-52128
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-6493 - Depicter Slider Plugin
The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2023-51491 appears to be a duplicate of this issue.
PLUGIN
Depicter Slider
CVE-2023-6493
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-7044 - Essential Addons For Elementor Plugin
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom ID in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access and higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Essential Addons For Elementor
CVE-2023-7044
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-6733 - Wp Members Plugin
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more.
PLUGIN
Wp Members
CVE-2023-6733
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-6738 - Pagelayer Plugin
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayer_header_code', 'pagelayer_body_open_code', and 'pagelayer_footer_code' meta fields in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This appears to be a reintroduction of a vulnerability patched in version 1.7.7.
PLUGIN
Pagelayer
CVE-2023-6738
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-6498 - Ccpa Cookie Consent Plugin
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 6.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
PLUGIN
Ccpa Cookie Consent
CVE-2023-6498
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-0201 - Product Expiry For Woocommerce Plugin
The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings.
PLUGIN
Product Expiry For Woocommerce
CVE-2024-0201
Risk Score