
"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Showing 8161-8180 of 10866 records
Threat Entry Updated 2024-11-21

CVE-2023-48328 - Nextgen Gallery Plugin

Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery allows Cross Site Request Forgery. This issue affects WordPress Gallery Plugin – NextGEN Gallery: from n/a through 3.37.

PLUGIN Nextgen Gallery

CVE-2023-48328

MEDIUM CVSS 4.3 2023-11-30
Threat Entry Updated 2024-11-21

CVE-2023-5803 - Business Directory Plugin

Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin – Easy Listing Directories for WordPress allows Cross-Site Request Forgery. This issue affects Business Directory Plugin – Easy Listing Directories for WordPress: from n/a through 6.3.10.

PLUGIN Business Directory

CVE-2023-5803

MEDIUM CVSS 4.3 2023-11-30
Threat Entry Updated 2025-02-11

CVE-2023-37890 - Kb Support Plugin

Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subscriber can view other customers. This issue affects KB Support – WordPress Help Desk and Knowledge Base: from n/a through 1.5.88.

PLUGIN Kb Support

CVE-2023-37890

MEDIUM CVSS 4.3 2023-11-30
Threat Entry Updated 2024-11-21

CVE-2023-48323 - Awesome Support Plugin

Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin allows Cross Site Request Forgery. This issue affects Awesome Support – WordPress HelpDesk & Support Plugin: from n/a through 6.1.4.

PLUGIN Awesome Support

CVE-2023-48323

MEDIUM CVSS 4.3 2023-11-30
Threat Entry Updated 2024-11-21

CVE-2023-5772 - Debug Log Manager Plugin

The Debug Log Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the clear_log() function. This makes it possible for unauthenticated attackers to clear the debug log via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Debug Log Manager

CVE-2023-5772

MEDIUM CVSS 4.3 2023-11-30
Threat Entry Updated 2024-11-21

CVE-2023-6225 - Shortcodes Ultimate Plugin

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_meta shortcode combined with post meta data in all versions up to, and including, 5.13.3 due to insufficient input sanitization and output escaping on user supplied meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Shortcodes Ultimate

CVE-2023-6225

MEDIUM CVSS 6.4 2023-11-28
Threat Entry Updated 2024-11-21

CVE-2023-6226 - Shortcodes Ultimate Plugin

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to missing validation on the user controlled keys 'key' and 'post_id'. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve arbitrary post meta values which may contain sensitive information when combined with another plugin.

PLUGIN Shortcodes Ultimate

CVE-2023-6226

MEDIUM CVSS 4.3 2023-11-28
Threat Entry Updated 2025-06-04

CVE-2023-5958 - Post Smtp Mailer Plugin

The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users.

PLUGIN Post Smtp Mailer

CVE-2023-5958

MEDIUM CVSS 6.1 2023-11-27
Threat Entry Updated 2024-11-21

CVE-2023-5653 - Wassup Real Time Analytics Plugin

The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP addresses provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged-in admins.

PLUGIN Wassup Real Time Analytics

CVE-2023-5653

MEDIUM CVSS 6.1 2023-11-27
Threat Entry Updated 2024-11-21

CVE-2023-5641 - Easy Seo Backlink Link Building Network Plugin

The Martins Free & Easy SEO BackLink Link Building Network WordPress plugin before 1.2.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue which could be used against high-privilege users such as admins.

PLUGIN Easy Seo Backlink Link Building Network

CVE-2023-5641

MEDIUM CVSS 6.1 2023-11-27
Threat Entry Updated 2024-11-21

CVE-2023-5942 - Before 1 Plugin

The Medialist WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 1

CVE-2023-5942

MEDIUM CVSS 5.4 2023-11-27
Threat Entry Updated 2024-11-21

CVE-2023-5738 - Before 1 Plugin

The WordPress Backup & Migration WordPress plugin before 1.4.4 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks.

PLUGIN Before 1

CVE-2023-5738

MEDIUM CVSS 5.4 2023-11-27
Threat Entry Updated 2024-11-21

CVE-2023-5620 - Web Push Notifications Plugin

The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks.

PLUGIN Web Push Notifications

CVE-2023-5620

MEDIUM CVSS 5.4 2023-11-27
Threat Entry Updated 2025-01-16

CVE-2023-5611 - Seraphinite Accelerator Plugin

The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them.

PLUGIN Seraphinite Accelerator

CVE-2023-5611

MEDIUM CVSS 5.3 2023-11-27
Threat Entry Updated 2024-11-21

CVE-2023-5737 - Before 1 Plugin

The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings.

PLUGIN Before 1

CVE-2023-5737

MEDIUM CVSS 4.3 2023-11-27
Threat Entry Updated 2024-11-21

CVE-2023-5560 - Wp Useronline Plugin

The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks.

PLUGIN Wp Useronline

CVE-2023-5560

MEDIUM CVSS 6.1 2023-11-27
Threat Entry Updated 2024-11-21

CVE-2023-4642 - Kk Star Ratings Plugin

The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user to vote multiple times on a poll due to a Race Condition.

PLUGIN Kk Star Ratings

CVE-2023-4642

MEDIUM CVSS 5.9 2023-11-27
Threat Entry Updated 2024-11-21

CVE-2023-4514 - Mmm Simple File List Plugin

The Mmm Simple File List WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Mmm Simple File List

CVE-2023-4514

MEDIUM CVSS 5.4 2023-11-27