Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866
Critical: 0
High: 0
Medium: 10,866
Showing 8101-8120 of 10866 records
Threat Entry Updated 2024-11-21

CVE-2023-50874 - Ajax Load More Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney WordPress Infinite Scroll – Ajax Load More allows Stored XSS. This issue affects WordPress Infinite Scroll – Ajax Load More: from n/a through 6.1.0.1.

PLUGIN Ajax Load More

CVE-2023-50874

MEDIUM CVSS 6.5 2023-12-28
Threat Entry Updated 2024-11-21

CVE-2023-51700 - Unofficial Mobile Bankid Integration Plugin

Unofficial Mobile BankID Integration for WordPress lets users employ Mobile BankID to authenticate themselves on your WordPress site. Prior to 1.0.1, WP-Mobile-BankID-Integration is affected by a vulnerability classified as a Deserialization of Untrusted Data vulnerability, specifically impacting scenarios where an attacker can manipulate the database. If unauthorized actors gain access to the database, they could exploit this vulnerability to execute object injection attacks. This could lead to unauthorized code execution, data manipulation, or data exfiltration within the WordPress environment. Users of the plugin should upgrade to version 1.0.1 (or later),…

PLUGIN Unofficial Mobile Bankid Integration

CVE-2023-51700

MEDIUM CVSS 6.4 2023-12-27
Threat Entry Updated 2024-11-21

CVE-2023-6268 - Json Content Importer Plugin

The JSON Content Importer WordPress plugin before 1.5.4 does not sanitise and escape the tab parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admin.

PLUGIN Json Content Importer

CVE-2023-6268

MEDIUM CVSS 6.1 2023-12-26
Threat Entry Updated 2024-11-21

CVE-2023-6166 - Before 6 Plugin

The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.

PLUGIN Before 6

CVE-2023-6166

MEDIUM CVSS 6.1 2023-12-26
Threat Entry Updated 2024-11-21

CVE-2023-6155 - Before 6 Plugin

The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses.

PLUGIN Before 6

CVE-2023-6155

MEDIUM CVSS 5.3 2023-12-26
Threat Entry Updated 2025-04-17

CVE-2023-5980 - Bsk Forms Blacklist Plugin

The BSK Forms Blacklist WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

PLUGIN Bsk Forms Blacklist

CVE-2023-5980

MEDIUM CVSS 4.8 2023-12-26
Threat Entry Updated 2024-11-21

CVE-2023-5672 - Before 1 Plugin

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files.

PLUGIN Before 1

CVE-2023-5672

MEDIUM CVSS 6.5 2023-12-26
Threat Entry Updated 2024-11-21

CVE-2023-6744 - Divi Plugin

The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'et_pb_text' shortcode in all versions up to, and including, 4.23.1 due to insufficient input sanitization and output escaping on user supplied custom field data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Divi

CVE-2023-6744

MEDIUM CVSS 6.4 2023-12-23
Threat Entry Updated 2024-11-21

CVE-2023-47191 - Youzify Plugin

Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress. This issue affects Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress: from n/a through 1.2.2.

PLUGIN Youzify

CVE-2023-47191

MEDIUM CVSS 6.5 2023-12-21
Threat Entry Updated 2024-11-21

CVE-2023-50828 - Ultimate Dashboard Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Vongries Ultimate Dashboard – Custom WordPress Dashboard allows Stored XSS. This issue affects Ultimate Dashboard – Custom WordPress Dashboard: from n/a through 3.7.11.

PLUGIN Ultimate Dashboard

CVE-2023-50828

MEDIUM CVSS 5.9 2023-12-21
Threat Entry Updated 2024-11-21

CVE-2023-50824 - Insert Or Embed Articulate Content Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Batt Insert or Embed Articulate Content into WordPress allows Stored XSS. This issue affects Insert or Embed Articulate Content into WordPress: from n/a through 4.3000000021.

PLUGIN Insert Or Embed Articulate Content

CVE-2023-50824

MEDIUM CVSS 6.5 2023-12-21
Threat Entry Updated 2024-11-21

CVE-2023-49162 - Bigcommerce Plugin

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BigCommerce BigCommerce For WordPress. This issue affects BigCommerce For WordPress: from n/a through 5.0.6.

PLUGIN Bigcommerce

CVE-2023-49162

MEDIUM CVSS 5.3 2023-12-21
Threat Entry Updated 2024-11-21

CVE-2023-28421 - Wp Email Capture Plugin

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Winwar Media WordPress Email Marketing Plugin – WP Email Capture. This issue affects WordPress Email Marketing Plugin – WP Email Capture: from n/a through 3.10.

PLUGIN Wp Email Capture

CVE-2023-28421

MEDIUM CVSS 5.3 2023-12-21
Threat Entry Updated 2024-11-21

CVE-2023-45105 - Affiliate Toolkit Plugin

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin. This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.3.9.

PLUGIN Affiliate Toolkit

CVE-2023-45105

MEDIUM CVSS 4.7 2023-12-19
Threat Entry Updated 2024-11-21

CVE-2023-25715 - Gamipress Plugin

Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress. This issue affects GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through 2.5.6.

PLUGIN Gamipress

CVE-2023-25715

MEDIUM CVSS 5.4 2023-12-19
Threat Entry Updated 2024-11-21

CVE-2023-5432 - Jquery News Ticker Plugin

The Jquery news ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jquery-news-ticker' shortcode in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Jquery News Ticker

CVE-2023-5432

MEDIUM CVSS 6.4 2023-12-19
Threat Entry Updated 2024-11-21

CVE-2023-5413 - Image Horizontal Reel Scroll Slideshow Plugin

The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ihrss-gallery' shortcode in versions up to, and including, 13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Image Horizontal Reel Scroll Slideshow

CVE-2023-5413

MEDIUM CVSS 6.4 2023-12-19
Threat Entry Updated 2024-11-21

CVE-2023-6488 - Shortcodes Ultimate Plugin

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_button', 'su_members', and 'su_tabs' shortcodes in all versions up to, and including, 7.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Shortcodes Ultimate

CVE-2023-6488

MEDIUM CVSS 5.4 2023-12-19
Threat Entry Updated 2024-11-21

CVE-2023-46154 - E2pdf Plugin

Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress. This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.18.

PLUGIN E2pdf

CVE-2023-46154

MEDIUM CVSS 6.6 2023-12-19
Threat Entry Updated 2024-11-21

CVE-2023-49821 - Wp Live Chat Plugin

Cross-Site Request Forgery (CSRF) vulnerability in LiveChat LiveChat – WP live chat plugin for WordPress. This issue affects LiveChat – WP live chat plugin for WordPress: from n/a through 4.5.15.

PLUGIN Wp Live Chat

CVE-2023-49821

MEDIUM CVSS 5.4 2023-12-18