"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866
Critical: 0
High: 0
Medium: 10,866
Showing 8121-8140 of 10866 records
Threat Entry Updated 2024-11-21

CVE-2023-6077 - Before 3 Plugin

The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated user, such as a subscriber, to access the content of arbitrary posts, such as private, draft and password-protected ones.

PLUGIN Before 3

CVE-2023-6077

MEDIUM CVSS 6.5 2023-12-18
Threat Entry Updated 2024-11-21

CVE-2023-6065 - Quttera Web Malware Scanner Plugin

The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code

PLUGIN Quttera Web Malware Scanner

CVE-2023-6065

MEDIUM CVSS 5.3 2023-12-18
Threat Entry Updated 2025-05-07

CVE-2023-5005 - Autocomplete Location Field Contact Form 7 Plugin

The Autocomplete Location field Contact Form 7 WordPress plugin before 3.0 and the autocomplete-location-field-contact-form-7-pro WordPress plugin before 2.0 do not sanitise and escape some of their settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Autocomplete Location Field Contact Form 7

CVE-2023-5005

MEDIUM CVSS 4.8 2023-12-18
Threat Entry Updated 2025-05-07

CVE-2023-6289 - Swift Performance Lite Plugin

The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens.

PLUGIN Swift Performance Lite

CVE-2023-6289

MEDIUM CVSS 4.3 2023-12-18
Threat Entry Updated 2024-11-21

CVE-2023-49841 - Simple List Building Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress allows Stored XSS. This issue affects Optin Forms – Simple List Building Plugin for WordPress: from n/a through 1.3.3.

PLUGIN Simple List Building

CVE-2023-49841

MEDIUM CVSS 5.9 2023-12-14
Threat Entry Updated 2024-11-21

CVE-2023-49833 - Spectra Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Spectra – WordPress Gutenberg Blocks allows Stored XSS. This issue affects Spectra – WordPress Gutenberg Blocks: from n/a through 2.7.9.

PLUGIN Spectra

CVE-2023-49833

MEDIUM CVSS 6.5 2023-12-14
Threat Entry Updated 2024-11-21

CVE-2023-49168 - Better Messages Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPlus Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss allows Stored XSS. This issue affects Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss: from n/a through 2.4.0.

PLUGIN Better Messages

CVE-2023-49168

MEDIUM CVSS 6.5 2023-12-14
Threat Entry Updated 2024-11-21

CVE-2023-50371 - Most Wanted Analytics Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows Stored XSS. This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 8.0.6.

PLUGIN Most Wanted Analytics

CVE-2023-50371

MEDIUM CVSS 6.5 2023-12-14
Threat Entry Updated 2025-05-27

CVE-2023-5907 - File Manager Plugin

The File Manager WordPress plugin before 6.3 does not restrict the file manager's root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the site's files.

PLUGIN File Manager

CVE-2023-5907

MEDIUM CVSS 6.5 2023-12-11
Threat Entry Updated 2024-11-21

CVE-2023-5750 - Before 3 Plugin

The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape a parameter before outputting it back in a page containing specific content, leading to Reflected Cross-Site Scripting, which could be used against high privilege users such as admin

PLUGIN Before 3

CVE-2023-5750

MEDIUM CVSS 6.1 2023-12-11
Threat Entry Updated 2024-11-21

CVE-2023-5749 - Before 3 Plugin

The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape user input before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high privilege users such as admin

PLUGIN Before 3

CVE-2023-5749

MEDIUM CVSS 6.1 2023-12-11
Threat Entry Updated 2024-11-21

CVE-2023-5955 - Contact Form Email Plugin

The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Contact Form Email

CVE-2023-5955

MEDIUM CVSS 4.8 2023-12-11
Threat Entry Updated 2024-11-21

CVE-2023-5940 - Wp Not Login Hide Plugin

The WP Not Login Hide (WPNLH) WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Wp Not Login Hide

CVE-2023-5940

MEDIUM CVSS 4.8 2023-12-11
Threat Entry Updated 2024-11-21

CVE-2023-5757 - Wp Crowdfunding Plugin

The WP Crowdfunding WordPress plugin before 2.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Wp Crowdfunding

CVE-2023-5757

MEDIUM CVSS 4.8 2023-12-11
Threat Entry Updated 2025-02-20

CVE-2023-6120 - Welcart E Commerce Plugin

The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server.

PLUGIN Welcart E Commerce

CVE-2023-6120

MEDIUM CVSS 4.1 2023-12-09
Threat Entry Updated 2024-11-21

CVE-2023-5756 - Digital Publications By Supsystic Plugin

The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Digital Publications By Supsystic

CVE-2023-5756

MEDIUM CVSS 5.4 2023-12-09
Threat Entry Updated 2024-11-21

CVE-2023-47548 - Integrate Google Drive Plugin

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SoftLab Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site. This issue affects Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site: from n/a through 1.3.2.

PLUGIN Integrate Google Drive

CVE-2023-47548

MEDIUM CVSS 4.7 2023-12-07
Threat Entry Updated 2024-11-21

CVE-2023-48325 - Landing Page Builder Plugin

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages. This issue affects Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages: from n/a through 1.5.1.5.

PLUGIN Landing Page Builder

CVE-2023-48325

MEDIUM CVSS 4.7 2023-12-07