Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866
Critical: 0
High: 0
Medium: 10,866
Showing 8441-8460 of 10866 records

Threat Entry Updated 2024-11-21

CVE-2023-5334 - WP Responsive Header Image Slider Plugin

The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sp_responsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN WP Responsive Header Image Slider

CVE-2023-5334

MEDIUM CVSS 6.4 2023-10-03

Threat Entry Updated 2024-11-21

CVE-2023-5295 - Blog Filter Plugin

The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'vivafbcomment' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Blog Filter

CVE-2023-5295

MEDIUM CVSS 6.4 2023-09-30

Threat Entry Updated 2024-11-21

CVE-2023-5233 - Font Awesome Integration Plugin

The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Font Awesome Integration

CVE-2023-5233

MEDIUM CVSS 6.4 2023-09-28

Threat Entry Updated 2024-11-21

CVE-2023-5232 - Font Awesome More Icons Plugin

The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Font Awesome More Icons

CVE-2023-5232

MEDIUM CVSS 6.4 2023-09-28

Threat Entry Updated 2024-11-21

CVE-2023-5230 - TM WooCommerce Compare & Wishlist Plugin

The TM WooCommerce Compare & Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'tm_woo_wishlist_table' shortcode in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN TM WooCommerce Compare & Wishlist

CVE-2023-5230

MEDIUM CVSS 6.4 2023-09-28

Threat Entry Updated 2024-11-21

CVE-2023-5162 - Options For Twenty Seventeen Plugin

The Options for Twenty Seventeen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social-links' shortcode in versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Options For Twenty Seventeen

CVE-2023-5162

MEDIUM CVSS 6.4 2023-09-27

Threat Entry Updated 2024-11-21

CVE-2023-5161 - Modal Window Plugin

The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Modal Window

CVE-2023-5161

MEDIUM CVSS 6.4 2023-09-27

Threat Entry Updated 2024-11-21

CVE-2023-5135 - Simple Cloudflare Turnstile Plugin

The Simple Cloudflare Turnstile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gravity-simple-turnstile' shortcode in versions up to, and including, 1.23.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Simple Cloudflare Turnstile

CVE-2023-5135

MEDIUM CVSS 6.4 2023-09-27

Threat Entry Updated 2024-11-21

CVE-2023-4423 - WP Event Manager Plugin

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.37.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

PLUGIN WP Event Manager

CVE-2023-4423

MEDIUM CVSS 4.4 2023-09-27

Threat Entry Updated 2026-03-03

CVE-2023-4549 - DoLogin Security Plugin

The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form.

PLUGIN DoLogin Security

CVE-2023-4549

MEDIUM CVSS 6.1 2023-09-25

Threat Entry Updated 2025-04-23

CVE-2023-4476 - Locatoraid Store Locator Plugin

The Locatoraid Store Locator WordPress plugin before 3.9.24 does not sanitise and escape the lpr-search parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Locatoraid Store Locator

CVE-2023-4476

MEDIUM CVSS 6.1 2023-09-25

Threat Entry Updated 2026-03-03

CVE-2023-4631 - DoLogin Security Plugin

The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing.

PLUGIN DoLogin Security

CVE-2023-4631

MEDIUM CVSS 5.3 2023-09-25

Threat Entry Updated 2025-05-02

CVE-2023-4502 - Translate WordPress with GTranslate Plugin

The Translate WordPress with GTranslate WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). This vulnerability affects multiple parameters.

PLUGIN Translate WordPress with GTranslate

CVE-2023-4502

MEDIUM CVSS 4.8 2023-09-25

Threat Entry Updated 2025-05-01

CVE-2023-4148 - Ditty Plugin

The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Ditty

CVE-2023-4148

MEDIUM CVSS 6.1 2023-09-25

Threat Entry Updated 2025-04-23

CVE-2023-4281 - This Activity Log Plugin

This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.

PLUGIN This Activity Log

CVE-2023-4281

MEDIUM CVSS 5.3 2023-09-25

Threat Entry Updated 2024-11-21

CVE-2023-3226 - Popup Builder Plugin

The Popup Builder WordPress plugin before 4.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Popup Builder

CVE-2023-3226

MEDIUM CVSS 4.8 2023-09-25