Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866
Critical: 0
High: 0
Medium: 10,866
Showing 8401-8420 of 10866 records
Threat Entry Updated 2025-04-23

CVE-2023-5089 - Defender Security Plugin

The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.

PLUGIN Defender Security

CVE-2023-5089

MEDIUM CVSS 5.3 2023-10-16
Threat Entry Updated 2024-11-21

CVE-2023-4933 - WP Job Openings Plugin

The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.

PLUGIN WP Job Openings

CVE-2023-4933

MEDIUM CVSS 5.3 2023-10-16
Threat Entry Updated 2025-04-23

CVE-2023-4819 - Shared Files Plugin

The Shared Files WordPress plugin before 1.7.6 does not return the right Content-Type header for the specified uploaded file. Therefore, an attacker can upload a file with an allowed extension that has been injected with malicious scripts.

PLUGIN Shared Files

CVE-2023-4819

MEDIUM CVSS 6.1 2023-10-16
Threat Entry Updated 2025-04-23

CVE-2023-4687 - Page Builder: Pagelayer Plugin

The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts.

PLUGIN Page Builder: Pagelayer

CVE-2023-4687

MEDIUM CVSS 6.1 2023-10-16
Threat Entry Updated 2025-03-05

CVE-2023-4820 - PowerPress Podcasting Plugin By Blubrry

The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media URL field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin.

PLUGIN PowerPress Podcasting Plugin By Blubrry

CVE-2023-4820

MEDIUM CVSS 5.4 2023-10-16
Threat Entry Updated 2025-04-23

CVE-2023-4811 - WordPress File Upload Plugin

The WordPress File Upload WordPress plugin before 4.23.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.

PLUGIN WordPress File Upload

CVE-2023-4811

MEDIUM CVSS 5.4 2023-10-16
Threat Entry Updated 2025-04-23

CVE-2023-4805 - Tutor LMS Plugin

The Tutor LMS WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow users such as subscribers to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Tutor LMS

CVE-2023-4805

MEDIUM CVSS 5.4 2023-10-16
Threat Entry Updated 2024-11-21

CVE-2023-4798 - User Avatar Plugin

The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcode attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks.

PLUGIN User Avatar

CVE-2023-4798

MEDIUM CVSS 5.4 2023-10-16
Threat Entry Updated 2025-04-23

CVE-2023-4795 - Testimonial Slider Shortcode Plugin

The Testimonial Slider Shortcode WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.

PLUGIN Testimonial Slider Shortcode

CVE-2023-4795

MEDIUM CVSS 5.4 2023-10-16
Threat Entry Updated 2025-04-23

CVE-2023-4783 - Magee Shortcodes Plugin

The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Magee Shortcodes

CVE-2023-4783

MEDIUM CVSS 5.4 2023-10-16
Threat Entry Updated 2025-04-23

CVE-2023-4725 - Simple Posts Ticker Plugin

The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Simple Posts Ticker

CVE-2023-4725

MEDIUM CVSS 4.8 2023-10-16
Threat Entry Updated 2025-04-23

CVE-2023-4290 - WP Matterport Shortcode Plugin

The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHP_SELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin.

PLUGIN WP Matterport Shortcode

CVE-2023-4290

MEDIUM CVSS 6.1 2023-10-16
Threat Entry Updated 2025-04-23

CVE-2023-4646 - Simple Posts Ticker Plugin

The Simple Posts Ticker WordPress plugin before 1.1.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Simple Posts Ticker

CVE-2023-4646

MEDIUM CVSS 5.4 2023-10-16
Threat Entry Updated 2025-04-23

CVE-2023-4289 - WP Matterport Shortcode Plugin

The WP Matterport Shortcode WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN WP Matterport Shortcode

CVE-2023-4289

MEDIUM CVSS 5.4 2023-10-16
Threat Entry Updated 2025-04-23

CVE-2023-3746 - ActivityPub Plugin

The ActivityPub WordPress plugin before 1.0.0 does not sanitize and escape some data from post content, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN ActivityPub

CVE-2023-3746

MEDIUM CVSS 5.4 2023-10-16
Threat Entry Updated 2025-04-23

CVE-2023-4388 - EventON Plugin

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN EventON

CVE-2023-4388

MEDIUM CVSS 4.8 2023-10-16
Threat Entry Updated 2025-04-23

CVE-2023-3279 - WordPress Gallery Plugin

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks.

PLUGIN WordPress Gallery

CVE-2023-3279

MEDIUM CVSS 4.9 2023-10-16