"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866
Critical: 0
High: 0
Medium: 10,866
Showing 8641-8660 of 10866 records

Threat Entry Updated 2024-11-21

CVE-2023-3219 - Before 2 Plugin

The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.

PLUGIN Before 2

CVE-2023-3219

MEDIUM CVSS 5.3 2023-07-10

Threat Entry Updated 2024-11-21

CVE-2023-3225 - Before 5 Plugin

The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 5

CVE-2023-3225

MEDIUM CVSS 4.8 2023-07-10

Threat Entry Updated 2025-05-12

CVE-2023-3175 - Ai Chatbot Plugin

The AI ChatBot WordPress plugin before 4.6.1 does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PLUGIN Ai Chatbot

CVE-2023-3175

MEDIUM CVSS 4.8 2023-07-10

Threat Entry Updated 2024-11-21

CVE-2023-3129 - Url Shortify Plugin

The URL Shortify WordPress plugin before 1.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Url Shortify

CVE-2023-3129

MEDIUM CVSS 4.8 2023-07-10

Threat Entry Updated 2024-11-21

CVE-2023-3131 - Before 3 Plugin

The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.

PLUGIN Before 3

CVE-2023-3131

MEDIUM CVSS 4.3 2023-07-10

Threat Entry Updated 2025-04-23

CVE-2023-3118 - Export All Urls Plugin

The Export All URLs WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue which could be used against high privilege users such as admin.

PLUGIN Export All Urls

CVE-2023-3118

MEDIUM CVSS 6.1 2023-07-10

Threat Entry Updated 2025-04-23

CVE-2023-2964 - Simple Iframe Plugin

The Simple Iframe WordPress plugin before 1.2.0 does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks.

PLUGIN Simple Iframe

CVE-2023-2964

MEDIUM CVSS 5.4 2023-07-10

Threat Entry Updated 2024-11-21

CVE-2023-2529 - Enable Svg Uploads Plugin

The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

PLUGIN Enable Svg Uploads

CVE-2023-2529

MEDIUM CVSS 5.4 2023-07-10

Threat Entry Updated 2024-11-21

CVE-2023-2796 - Before 2 Plugin

The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.

PLUGIN Before 2

CVE-2023-2796

MEDIUM CVSS 5.3 2023-07-10

Threat Entry Updated 2025-05-05

CVE-2023-2967 - Tinymce Custom Styles Plugin

The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Tinymce Custom Styles

CVE-2023-2967

MEDIUM CVSS 4.8 2023-07-10

Threat Entry Updated 2024-11-21

CVE-2023-2709 - An Gradebook Plugin

The AN_GradeBook WordPress plugin through 5.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN An Gradebook

CVE-2023-2709

MEDIUM CVSS 4.8 2023-07-10

Threat Entry Updated 2024-11-21

CVE-2023-2635 - Before 1 Plugin

The Call Now Accessibility Button WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Before 1

CVE-2023-2635

MEDIUM CVSS 4.8 2023-07-10

Threat Entry Updated 2024-11-21

CVE-2023-2578 - Buy Me A Coffee Plugin

The Buy Me a Coffee WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Buy Me A Coffee

CVE-2023-2578

MEDIUM CVSS 4.8 2023-07-10

Threat Entry Updated 2024-11-21

CVE-2023-2495 - Greeklish Permalink Plugin

The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtrans_ajax_old AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF.

PLUGIN Greeklish Permalink

CVE-2023-2495

MEDIUM CVSS 4.3 2023-07-10

Threat Entry Updated 2024-11-21

CVE-2023-2029 - Prepost Seo Plugin

The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Prepost Seo

CVE-2023-2029

MEDIUM CVSS 4.8 2023-07-10

Threat Entry Updated 2024-11-21

CVE-2023-2028 - Call Now Accessibility Button Plugin

The Call Now Accessibility Button WordPress plugin before 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Call Now Accessibility Button

CVE-2023-2028

MEDIUM CVSS 4.8 2023-07-10