"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866
Critical: 0
High: 0
Medium: 10,866
Showing 8081-8100 of 10866 records
Threat Entry Updated 2024-11-21

CVE-2023-6747 - Foogallery Plugin

The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attributes in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for contributors and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Foogallery

CVE-2023-6747

MEDIUM CVSS 6.4 2024-01-03
Threat Entry Updated 2025-06-18

CVE-2023-6621 - Before 2 Plugin

The POST SMTP WordPress plugin before 2.8.7 does not sanitise and escape the msg parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Before 2

CVE-2023-6621

MEDIUM CVSS 6.1 2024-01-03
Threat Entry Updated 2025-06-03

CVE-2023-6984 - Powerpack Addons For Elementor Plugin

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.13. This is due to missing or incorrect nonce validation in the powerpack-lite-for-elementor/classes/class-pp-admin-settings.php file. This makes it possible for unauthenticated attackers to modify and reset plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Powerpack Addons For Elementor

CVE-2023-6984

MEDIUM CVSS 5.3 2024-01-03
Threat Entry Updated 2024-11-21

CVE-2023-7068 - Woocommerce Pdf Invoices Packing Slips Delivery Notes And Shipping Labels Plugin

The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the print_packinglist action in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to export orders which can contain sensitive information.

PLUGIN Woocommerce Pdf Invoices Packing Slips Delivery Notes And Shipping Labels

CVE-2023-7068

MEDIUM CVSS 4.3 2024-01-03
Threat Entry Updated 2024-11-21

CVE-2023-6986 - Embedpress Plugin

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed_oembed_html shortcode in all versions up to 3.9.5 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Embedpress

CVE-2023-6986

MEDIUM CVSS 6.4 2024-01-03
Threat Entry Updated 2024-11-21

CVE-2023-6524 - Mappress Plugin

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Mappress

CVE-2023-6524

MEDIUM CVSS 6.4 2024-01-03
Threat Entry Updated 2024-12-17

CVE-2023-6981 - Wp Sms Plugin

The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'group_id' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This can be leveraged to achieve Reflected…

PLUGIN Wp Sms

CVE-2023-6981

MEDIUM CVSS 6.1 2024-01-03
Threat Entry Updated 2025-07-11

CVE-2023-6980 - Wp Sms Plugin

The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5. This is due to missing or incorrect nonce validation on the 'delete' action of the wp-sms-subscribers page. This makes it possible for unauthenticated attackers to delete subscribers via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Wp Sms

CVE-2023-6980

MEDIUM CVSS 4.3 2024-01-03
Threat Entry Updated 2024-11-21

CVE-2023-6629 - Post Smtp Plugin

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘msg’ parameter in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Post Smtp

CVE-2023-6629

MEDIUM CVSS 6.1 2024-01-03
Threat Entry Updated 2025-06-18

CVE-2023-6000 - Popup Builder Plugin

The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.

PLUGIN Popup Builder

CVE-2023-6000

MEDIUM CVSS 6.1 2024-01-01
Threat Entry Updated 2025-06-18

CVE-2023-6485 - Html5 Video Player Plugin

The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which, combined with missing capability checks around the plugin, could allow any authenticated user, even one as low as a subscriber, to perform Stored Cross-Site Scripting attacks against high privilege users like admins.

PLUGIN Html5 Video Player

CVE-2023-6485

MEDIUM CVSS 5.4 2024-01-01
Threat Entry Updated 2025-06-18

CVE-2023-6037 - Wp Tripadvisor Review Slider Plugin

The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Wp Tripadvisor Review Slider

CVE-2023-6037

MEDIUM CVSS 4.8 2024-01-01
Threat Entry Updated 2024-11-21

CVE-2023-52185 - Everest Backup Plugin

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Everestthemes Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin. This issue affects Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin: from n/a through 2.1.9.

PLUGIN Everest Backup

CVE-2023-52185

MEDIUM CVSS 5.3 2023-12-31
Threat Entry Updated 2024-11-21

CVE-2023-51688 - Ecommerce Product Catalog Plugin

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress. This issue affects eCommerce Product Catalog Plugin for WordPress: from n/a through 3.3.26.

PLUGIN Ecommerce Product Catalog

CVE-2023-51688

MEDIUM CVSS 5.3 2023-12-29
Threat Entry Updated 2024-11-21

CVE-2023-50891 - This Issue Affects Form Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS. This issue affects Form plugin for WordPress – Zoho Forms: from n/a through 3.0.1.

PLUGIN This Issue Affects Form

CVE-2023-50891

MEDIUM CVSS 6.5 2023-12-29
Threat Entry Updated 2024-11-21

CVE-2023-50889 - Beaver Builder Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder – WordPress Page Builder allows Stored XSS. This issue affects Beaver Builder – WordPress Page Builder: from n/a through 2.7.2.

PLUGIN Beaver Builder

CVE-2023-50889

MEDIUM CVSS 6.5 2023-12-29
Threat Entry Updated 2024-11-21

CVE-2023-50879 - Wordpress Com Editing Toolkit Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS. This issue affects WordPress.Com Editing Toolkit: from n/a through 3.78784.

PLUGIN Wordpress Com Editing Toolkit

CVE-2023-50879

MEDIUM CVSS 6.5 2023-12-29
Threat Entry Updated 2024-11-21

CVE-2023-51372 - Hashbar Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar – WordPress Notification Bar allows Stored XSS. This issue affects HashBar – WordPress Notification Bar: from n/a through 1.4.1.

PLUGIN Hashbar

CVE-2023-51372

MEDIUM CVSS 5.9 2023-12-29
Threat Entry Updated 2024-11-21

CVE-2023-50896 - Weforms Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS. This issue affects weForms – Easy Drag & Drop Contact Form Builder For WordPress: from n/a through 1.6.17.

PLUGIN Weforms

CVE-2023-50896

MEDIUM CVSS 5.9 2023-12-29
Threat Entry Updated 2024-12-17

CVE-2023-27447 - Wp Sms Plugin

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc. This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.0.4.

PLUGIN Wp Sms

CVE-2023-27447

MEDIUM CVSS 5.3 2023-12-28