
Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Threat Entry Updated 2025-02-26

CVE-2023-5352 - Awesome Support Plugin

The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission.

PLUGIN Awesome Support

CVE-2023-5352

MEDIUM CVSS 4.3 2023-11-06
Threat Entry Updated 2025-02-26

CVE-2023-4858 - Simple Table Manager Plugin

The Simple Table Manager WordPress plugin through 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Simple Table Manager

CVE-2023-4858

MEDIUM CVSS 4.8 2023-11-06
Threat Entry Updated 2025-02-26

CVE-2023-4810 - Responsive Pricing Table Plugin

The Responsive Pricing Table WordPress plugin before 5.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Responsive Pricing Table

CVE-2023-4810

MEDIUM CVSS 4.8 2023-11-06
Threat Entry Updated 2024-11-21

CVE-2023-5946 - Digirisk Plugin

The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'current_group_id' parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Digirisk

CVE-2023-5946

MEDIUM CVSS 6.1 2023-11-03
Threat Entry Updated 2024-11-21

CVE-2023-5707 - Seo Slider Plugin

The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slider' shortcode and post meta in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Seo Slider

CVE-2023-5707

MEDIUM CVSS 6.4 2023-11-03
Threat Entry Updated 2024-11-21

CVE-2023-5945 - Video Carousel Slider With Lightbox Plugin

The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsive_video_gallery_with_lightbox_video_management_func() function. This makes it possible for unauthenticated attackers to delete videos hosted from the video slider via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Video Carousel Slider With Lightbox

CVE-2023-5945

MEDIUM CVSS 4.3 2023-11-03
Threat Entry Updated 2025-05-12

CVE-2023-5606 - Wpbot Plugin

The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. NOTE: This vulnerability is a re-introduction of CVE-2023-4253.

PLUGIN Wpbot

CVE-2023-5606

MEDIUM CVSS 4.4 2023-11-02
Threat Entry Updated 2025-04-22

CVE-2023-5307 - Photos And Files Contest Gallery Plugin

The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers.

PLUGIN Photos And Files Contest Gallery

CVE-2023-5307

MEDIUM CVSS 6.1 2023-10-31
Threat Entry Updated 2025-04-22

CVE-2023-5238 - EventPrime Plugin

The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website.

PLUGIN EventPrime

CVE-2023-5238

MEDIUM CVSS 6.1 2023-10-31
Threat Entry Updated 2025-04-22

CVE-2023-5211 - Fattura24 Plugin

The Fattura24 WordPress plugin before 6.2.8 does not sanitize or escape the 'id' parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability.

PLUGIN Fattura24

CVE-2023-5211

MEDIUM CVSS 6.1 2023-10-31
Threat Entry Updated 2024-11-21

CVE-2023-5458 - Otf File Upload Plugin

The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin before 3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

PLUGIN Otf File Upload

CVE-2023-5458

MEDIUM CVSS 5.4 2023-10-31
Threat Entry Updated 2025-04-22

CVE-2023-5237 - Memberlite Shortcodes Plugin

The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.

PLUGIN Memberlite Shortcodes

CVE-2023-5237

MEDIUM CVSS 5.4 2023-10-31
Threat Entry Updated 2025-04-23

CVE-2023-4823 - Wp Meta And Date Remover Plugin

The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. This allows any authenticated user, such as a subscriber, to change the settings and perform Stored Cross-Site Scripting.

PLUGIN Wp Meta And Date Remover

CVE-2023-4823

MEDIUM CVSS 5.4 2023-10-31
Threat Entry Updated 2025-04-23

CVE-2023-5243 - Login Screen Manager Plugin

The Login Screen Manager WordPress plugin through 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Login Screen Manager

CVE-2023-5243

MEDIUM CVSS 4.8 2023-10-31
Threat Entry Updated 2025-04-23

CVE-2023-5229 - E2Pdf Plugin

The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PLUGIN E2Pdf

CVE-2023-5229

MEDIUM CVSS 4.8 2023-10-31
Threat Entry Updated 2025-04-23

CVE-2023-5519 - EventPrime Plugin

The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged-in users create unwanted bookings via CSRF attacks.

PLUGIN EventPrime

CVE-2023-5519

MEDIUM CVSS 4.3 2023-10-31
Threat Entry Updated 2025-04-03

CVE-2023-4836 - Wordpress File Sharing Plugin

The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those files by manipulating IDs, which can easily be brute forced.

PLUGIN Wordpress File Sharing

CVE-2023-4836

MEDIUM CVSS 4.3 2023-10-31
Threat Entry Updated 2025-04-03

CVE-2023-4250 - EventPrime Plugin

The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN EventPrime

CVE-2023-4250

MEDIUM CVSS 6.1 2023-10-31
Threat Entry Updated 2025-04-23

CVE-2023-4390 - Popup Box Plugin

The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Popup Box

CVE-2023-4390

MEDIUM CVSS 4.8 2023-10-31
Threat Entry Updated 2025-04-22

CVE-2023-4251 - EventPrime Plugin

The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged-in users create unwanted bookings via CSRF attacks.

PLUGIN EventPrime

CVE-2023-4251

MEDIUM CVSS 4.3 2023-10-31