Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866
Critical: 0
High: 0
Medium: 10,866
Showing 8241-8260 of 10866 records
Threat Entry Updated 2024-11-21

CVE-2023-4689 - Elementor Addon Elements Plugin

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eae_save_elements function. This makes it possible for unauthenticated attackers to enable/disable elementor addon elements via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Elementor Addon Elements

CVE-2023-4689

MEDIUM CVSS 5.4 2023-11-15
Threat Entry Updated 2024-11-21

CVE-2023-4723 - Elementor Addon Elements Plugin

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_post_data function. This can allow unauthenticated attackers to extract sensitive data including post/page ids and titles, including those with pending/draft/future/private status.

PLUGIN Elementor Addon Elements

CVE-2023-4723

MEDIUM CVSS 5.3 2023-11-15
Threat Entry Updated 2024-11-21

CVE-2023-5381 - Elementor Addon Elements Plugin

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.12.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

PLUGIN Elementor Addon Elements

CVE-2023-5381

MEDIUM CVSS 4.4 2023-11-15
Threat Entry Updated 2024-11-21

CVE-2023-4602 - Namaste Lms Plugin

The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'course_id' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Namaste Lms

CVE-2023-4602

MEDIUM CVSS 6.1 2023-11-15
Threat Entry Updated 2024-11-21

CVE-2023-6133 - Forminator Plugin

The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime_types' function in versions up to, and including, 1.27.0. This makes it possible for authenticated attackers with administrator-level capabilities or above to upload arbitrary files on the affected site's server, but due to the htaccess configuration, remote code cannot be executed.

PLUGIN Forminator

CVE-2023-6133

MEDIUM CVSS 6.6 2023-11-15
Threat Entry Updated 2024-11-21

CVE-2023-4889 - Shareaholic Plugin

The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shareaholic' shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Shareaholic

CVE-2023-4889

MEDIUM CVSS 6.4 2023-11-15
Threat Entry Updated 2024-11-21

CVE-2023-6109 - Yop Poll Plugin

The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add() function. This makes it possible for unauthenticated attackers to place multiple votes on a single poll even when the poll is set to one vote per person.

PLUGIN Yop Poll

CVE-2023-6109

MEDIUM CVSS 5.3 2023-11-14
Threat Entry Updated 2024-11-21

CVE-2023-4603 - Star Cloudprnt For Woocommerce Plugin

The Star CloudPRNT for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'printersettings' parameter in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Star Cloudprnt For Woocommerce

CVE-2023-4603

MEDIUM CVSS 6.1 2023-11-13
Threat Entry Updated 2024-11-21

CVE-2023-5741 - Powr Plugin

The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Powr

CVE-2023-5741

MEDIUM CVSS 6.4 2023-11-13
Threat Entry Updated 2024-11-21

CVE-2023-4775 - Advanced Iframe Plugin

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advanced_iframe' shortcode in versions up to, and including, 2023.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Advanced Iframe

CVE-2023-4775

MEDIUM CVSS 6.4 2023-11-13
Threat Entry Updated 2024-11-21

CVE-2023-34013 - Poll Maker Plugin

Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin. This issue affects Poll Maker – Best WordPress Poll Plugin: from n/a through 4.6.2.

PLUGIN Poll Maker

CVE-2023-34013

MEDIUM CVSS 4.4 2023-11-13
Threat Entry Updated 2025-05-07

CVE-2023-28172 - Wp Maps Plugin

Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS (formerly WP Google Map Plugin) plugin

PLUGIN Wp Maps

CVE-2023-28172

MEDIUM CVSS 5.4 2023-11-12
Threat Entry Updated 2024-11-21

CVE-2023-5982 - Updraftplus Plugin

The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instance_id on the 'updraftmethod-googledrive-auth' action used to update Google Drive remote storage location. This makes it possible for unauthenticated attackers to modify the Google Drive location that backups are sent to via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.…

PLUGIN Updraftplus

CVE-2023-5982

MEDIUM CVSS 5.4 2023-11-07
Threat Entry Updated 2024-11-21

CVE-2023-5819 - Amazonify Plugin

The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. However, please note that this can also be combined with CVE-2023-5818 for CSRF to XSS.

PLUGIN Amazonify

CVE-2023-5819

MEDIUM CVSS 4.4 2023-11-07
Threat Entry Updated 2024-11-21

CVE-2023-5818 - Amazonify Plugin

The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage() function. This makes it possible for unauthenticated attackers to update the plugin's settings, including the Amazon Tracking ID, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Amazonify

CVE-2023-5818

MEDIUM CVSS 4.3 2023-11-07
Threat Entry Updated 2024-11-21

CVE-2023-5703 - Gift Up Gift Cards For Wordpress And Woocommerce Plugin

The Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'giftup' shortcode in all versions up to, and including, 2.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Gift Up Gift Cards For Wordpress And Woocommerce

CVE-2023-5703

MEDIUM CVSS 6.4 2023-11-07
Threat Entry Updated 2024-11-21

CVE-2023-5669 - Featured Image Caption Plugin

The Featured Image Caption plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and post meta in all versions up to, and including, 0.8.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Featured Image Caption

CVE-2023-5669

MEDIUM CVSS 6.4 2023-11-07