Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

CVE-2023-2605 - wpbrutalai Plugin

The wpbrutalai WordPress plugin before 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against logged-in high-privilege users such as admins.

MEDIUM | CVSS 6.1 | 2023-06-27 | Threat entry updated 2024-11-21
CVE-2023-1891 - Accordion & FAQ Plugin

The Accordion & FAQ WordPress plugin before 1.9.9 does not escape various generated URLs before outputting them in attributes when some notices are displayed, leading to a Reflected Cross-Site Scripting.

MEDIUM | CVSS 6.1 | 2023-06-27 | Threat entry updated 2024-11-21
CVE-2023-0588 - Catalyst Connect Zoho CRM Client Portal Plugin

The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2.1.0 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins.

MEDIUM | CVSS 6.1 | 2023-06-27 | Threat entry updated 2024-11-21
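The pattern the three reflected-XSS entries above (CVE-2023-2605, CVE-2023-1891, CVE-2023-0588) share, shown as an added example that is not code from any of those plugins: a request parameter is printed back into an admin page, once as element text and once inside a URL attribute, without escaping, followed by the hardened form. The `myplugin_` prefix, the parameter name and the admin page slug are hypothetical.

```php
<?php
/**
 * Added example; not code from wpbrutalai, Accordion & FAQ or Catalyst
 * Connect. The first function is the vulnerable shape, the second is the
 * hardened one. Names prefixed "myplugin_" are hypothetical.
 */

// --- Vulnerable: echo the parameter, build the link from the raw request. ---
function myplugin_vulnerable_notice() {
    if ( empty( $_GET['myplugin_msg'] ) ) {
        return;
    }
    // ?myplugin_msg=<img src=x onerror=alert(document.cookie)> is rendered
    // as markup in the browser of whoever opens the link, e.g. an admin.
    echo '<div class="notice"><p>' . $_GET['myplugin_msg'] . '</p>';

    // A URL assembled from the current request and dropped into an attribute:
    // a value containing  " onmouseover="alert(1)  closes the href and adds
    // an event handler. This is the "generated URLs in attributes" case.
    $back = $_SERVER['REQUEST_URI'];
    echo '<a href="' . $back . '">Back</a></div>';
}

// --- Hardened: sanitise on input, escape for the exact output context. ---
function myplugin_safe_notice() {
    if ( empty( $_GET['myplugin_msg'] ) ) {
        return;
    }
    // Input normalisation: strips tags, control characters and NUL bytes.
    $msg = sanitize_text_field( wp_unslash( $_GET['myplugin_msg'] ) );

    // Sanitising is not output encoding. sanitize_text_field() leaves double
    // quotes intact, so a value printed into an attribute would still break
    // out; escape for the context every time the value is printed.
    echo '<div class="notice"><p>' . esc_html( $msg ) . '</p>';

    // URLs in attributes: build them from known parts with add_query_arg()
    // rather than REQUEST_URI, then esc_url(), which attribute-encodes the
    // value and drops schemes outside wp_allowed_protocols() (no javascript:).
    $back = add_query_arg( 'page', 'myplugin', admin_url( 'admin.php' ) );
    echo '<a href="' . esc_url( $back ) . '">Back</a></div>';
}

add_action( 'admin_notices', 'myplugin_safe_notice' );
```

The rule of thumb when reviewing a plugin for this class: every `echo` or string concatenation that includes a `$_GET`/`$_POST`/`$_SERVER` value, or a URL derived from one, needs an `esc_*()` call matched to the context (`esc_html()` for text, `esc_attr()` for attribute values, `esc_url()` for `href`/`src`), regardless of what sanitisation happened earlier.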
CVE-2023-2580 - AI Engine Plugin

The AI Engine WordPress plugin before 1.6.83 does not sanitize and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

MEDIUM | CVSS 4.8 | 2023-06-27 | Threat entry updated 2024-11-21
CVE-2023-2178 - Aajoda Testimonials Plugin

The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

MEDIUM | CVSS 4.8 | 2023-06-27 | Threat entry updated 2024-11-21
CVE-2023-1166 - USM-Premium Plugin

The USM-Premium WordPress plugin before 16.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

MEDIUM | CVSS 4.8 | 2023-06-27 | Threat entry updated 2024-11-21
CVE-2023-0873 - Kanban Boards for WordPress Plugin

The Kanban Boards for WordPress plugin before 2.5.21 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

MEDIUM | CVSS 4.8 | 2023-06-27 | Threat entry updated 2024-11-21
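Why an admin-only settings field still counts as stored XSS, and what the unfiltered_html clause in the four entries above (CVE-2023-2580, CVE-2023-2178, CVE-2023-1166, CVE-2023-0873) asks of a plugin, shown as an added example that is not code from any of those plugins. On a multisite network only super admins hold `unfiltered_html` (and `DISALLOW_UNFILTERED_HTML` removes it from everyone), so a site admin is expected to be unable to get script onto the front end; a settings field saved and printed raw defeats that. The option, field and hook names are hypothetical.

```php
<?php
/**
 * Added example; not code from AI Engine, Aajoda Testimonials, USM-Premium
 * or Kanban Boards. Option name "myplugin_footer_html" is hypothetical.
 */

// --- Vulnerable: store whatever the form posted, print it back raw. ---
function myplugin_vulnerable_register() {
    // No sanitize_callback: the option can hold arbitrary HTML and <script>.
    register_setting( 'myplugin_group', 'myplugin_footer_html' );
}
function myplugin_vulnerable_footer() {
    // Runs in every visitor's browser. An admin without unfiltered_html
    // (any non-super-admin on multisite) is not supposed to be able to do
    // this, which is what makes it a bug despite the author's privilege.
    echo get_option( 'myplugin_footer_html' );
}

// --- Hardened: sanitise on save according to capability, escape on output. ---
function myplugin_sanitize_footer( $value ) {
    $value = (string) $value;
    // Same rule WordPress core applies to post content: users who hold
    // unfiltered_html may save raw markup, everyone else goes through KSES.
    if ( current_user_can( 'unfiltered_html' ) ) {
        return $value;
    }
    // wp_kses_post() keeps the post-content allow-list (links, lists,
    // emphasis, images) and drops <script>, on* handlers and javascript: URLs.
    return wp_kses_post( $value );
}
function myplugin_safe_register() {
    register_setting(
        'myplugin_group',
        'myplugin_footer_html',
        array(
            'type'              => 'string',
            'sanitize_callback' => 'myplugin_sanitize_footer',
            'default'           => '',
        )
    );
}
function myplugin_safe_footer() {
    // Defence in depth: filter again at output time, because the option may
    // have been written by an older plugin version, an import, or direct
    // database access that never ran the sanitize_callback.
    echo wp_kses_post( get_option( 'myplugin_footer_html', '' ) );
}
add_action( 'admin_init', 'myplugin_safe_register' );
add_action( 'wp_footer', 'myplugin_safe_footer' );

// For plain-text settings (a label, a title) the rule is simpler: save with
// sanitize_text_field() and print with esc_html() or esc_attr().
function myplugin_safe_title_attr() {
    return esc_attr( get_option( 'myplugin_title', '' ) );
}
```

The `sanitize_callback` is the point to enforce the capability decision, because the Settings API runs it with the saving user's context; the output-time `wp_kses_post()` is there for values that reached the database by another route.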
CVE-2023-3412 - Image Map Pro Plugin

The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0. This is due to a missing capability check on the ajax_store_save() function. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to modify plugin settings and inject malicious web scripts.

MEDIUM | CVSS 6.4 | 2023-06-27 | Threat entry updated 2025-01-13
CVE-2023-3411 - Image Map Pro Plugin

The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing nonce validation on the ajax_store_save() function. This makes it possible for unauthenticated attackers to modify plugin settings and inject malicious web scripts via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

MEDIUM | CVSS 6.1 | 2023-06-27 | Threat entry updated 2025-01-13
CVE-2023-3132 - MainWP Child Plugin

The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.4.1.1 due to insufficient controls on the storage of backup files. This makes it possible for unauthenticated attackers to extract sensitive data, including the entire installation's database, if a backup occurs and deletion of the backup files fails.

MEDIUM | CVSS 5.9 | 2023-06-27 | Threat entry updated 2024-11-21
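The MainWP Child entry above (CVE-2023-3132) reduces to two conditions: a backup archive sits where a browser can fetch it, and the cleanup code does not notice when deletion fails. The following is an added example of the hardening a reviewer would look for, not MainWP's code or its actual fix: an unpredictable, web-denied directory, random file names, a cron deadline, and a delete routine that reports failure instead of returning silently. Directory, option and hook names are hypothetical.

```php
<?php
/**
 * Added example; not MainWP Child code. Everything prefixed "myplugin_" is
 * hypothetical. Assumes Apache for the .htaccess rule; nginx needs an
 * equivalent "location ... { deny all; }" block, which no plugin can write.
 */

// Create (once) a backup directory under uploads with a random suffix, and
// drop files that make it inert if the web server ever serves it anyway.
function myplugin_backup_dir() {
    $dir = get_option( 'myplugin_backup_dir' );
    if ( $dir && is_dir( $dir ) ) {
        return $dir;
    }
    $uploads = wp_upload_dir();
    // 32 random characters: the path cannot be derived from the site URL.
    $dir = trailingslashit( $uploads['basedir'] ) . 'myplugin-backup-' . wp_generate_password( 32, false );
    wp_mkdir_p( $dir );
    // Deny on Apache 2.4 and 2.2 without causing a 500 on either.
    file_put_contents(
        $dir . '/.htaccess',
        "<IfModule mod_authz_core.c>\nRequire all denied\n</IfModule>\n"
        . "<IfModule !mod_authz_core.c>\nDeny from all\n</IfModule>\n"
    );
    file_put_contents( $dir . '/index.php', "<?php // silence is golden\n" );
    update_option( 'myplugin_backup_dir', $dir, false );
    return $dir;
}

// Write the dump under a random name and schedule a hard deadline for it.
function myplugin_write_backup( $sql_dump ) {
    $path = myplugin_backup_dir() . '/db-' . wp_generate_password( 20, false ) . '.sql';
    if ( false === file_put_contents( $path, $sql_dump, LOCK_EX ) ) {
        return false;
    }
    chmod( $path, 0600 );
    // Even if the caller forgets to delete, WP-Cron removes it within an hour.
    wp_schedule_single_event( time() + HOUR_IN_SECONDS, 'myplugin_backup_expire', array( $path ) );
    return $path;
}

// Deletion that checks its own result and alerts, rather than leaving the
// archive in place with nobody knowing.
function myplugin_delete_backup( $path ) {
    if ( ! file_exists( $path ) ) {
        return true; // already gone
    }
    $real = realpath( $path );
    $dir  = realpath( myplugin_backup_dir() );
    if ( ! $real || ! $dir || strpos( $real, $dir . DIRECTORY_SEPARATOR ) !== 0 ) {
        return false; // outside our directory: never unlink arbitrary paths
    }
    if ( ! unlink( $real ) ) {
        // Permissions changed, read-only filesystem, open handle: surface it.
        error_log( 'myplugin: could not delete backup ' . $real );
        wp_mail( get_option( 'admin_email' ), 'Backup cleanup failed', $real );
        return false;
    }
    return true;
}
add_action( 'myplugin_backup_expire', 'myplugin_delete_backup' );
```

The check a practitioner runs against an installed site is simpler than the fix: list the plugin's backup directory from a shell and try to fetch any file in it with an unauthenticated `curl`; a 200 with the dump's bytes is the finding.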
CVE-2023-3371 - EmbedPress Plugin

The EmbedPress plugin for WordPress is vulnerable to Sensitive Information Exposure due to a hardcoded encryption key in the 'lock_content_form_handler' and 'display_password_form' functions in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view the password-protected content.

MEDIUM | CVSS 5.3 | 2023-06-27 | Threat entry updated 2024-11-21
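The flaw class in the EmbedPress entry above (CVE-2023-3371), as an added example that is not EmbedPress code and does not claim to reproduce its implementation: content is "protected" by encrypting it with a key that lives in the plugin source and handing the ciphertext to the browser, so anyone who reads the public plugin code can decrypt it without the password. The hardened version keeps the content server-side, stores only a password hash, and unlocks with a token signed by the site's own secret. Function, meta and cookie names are hypothetical.

```php
<?php
/**
 * Added example; not EmbedPress code. Names prefixed "myplugin_" are
 * hypothetical. The vulnerable function is illustrative of the pattern,
 * not a copy of the affected plugin.
 */

// --- Vulnerable: key lives in the code, ciphertext lives in the page. ---
define( 'MYPLUGIN_KEY', 'change-me-but-nobody-did' ); // identical on every site

function myplugin_vulnerable_password_form( $content ) {
    $iv  = str_repeat( "\0", 16 ); // fixed IV is bad too, but the key is the real problem
    $enc = openssl_encrypt( $content, 'AES-256-CBC', MYPLUGIN_KEY, 0, $iv );
    // The ciphertext travels to the client. An unauthenticated visitor runs
    // openssl_decrypt() with the key from the plugin's public source and
    // reads the content without ever knowing the password.
    return '<form method="post">'
         . '<input type="hidden" name="protected" value="' . esc_attr( $enc ) . '">'
         . '<input type="password" name="pass"></form>';
}

// --- Hardened: nothing secret leaves the server until the check passes. ---

// Store only a hash of the password with the post, never the password or
// the content. wp_hash_password() uses the site's configured hasher.
function myplugin_set_password( $post_id, $password ) {
    update_post_meta( $post_id, '_myplugin_pw_hash', wp_hash_password( $password ) );
}

// Unlock token: HMAC over post id + expiry, keyed with this site's own
// secret. wp_salt() derives from the AUTH_KEY/AUTH_SALT in wp-config.php,
// which are unique per installation, unlike a constant in a plugin file.
function myplugin_make_token( $post_id, $ttl = 3600 ) {
    $exp = time() + $ttl;
    $sig = hash_hmac( 'sha256', $post_id . '|' . $exp, wp_salt( 'auth' ) );
    return $post_id . '|' . $exp . '|' . $sig;
}
function myplugin_verify_token( $token, $post_id ) {
    $parts = explode( '|', (string) $token );
    if ( count( $parts ) !== 3 || (int) $parts[0] !== (int) $post_id || (int) $parts[1] < time() ) {
        return false;
    }
    $expected = hash_hmac( 'sha256', $parts[0] . '|' . $parts[1], wp_salt( 'auth' ) );
    return hash_equals( $expected, $parts[2] ); // constant-time compare
}

// Render: the content string is only returned once a valid token is present.
function myplugin_safe_render( $post_id, $content ) {
    $cookie = 'myplugin_unlock_' . $post_id;
    if ( isset( $_COOKIE[ $cookie ] ) && myplugin_verify_token( $_COOKIE[ $cookie ], $post_id ) ) {
        return $content;
    }
    return '<form method="post"><input type="password" name="myplugin_pass">'
         . wp_nonce_field( 'myplugin_unlock_' . $post_id, '_mpn', true, false )
         . '<input type="hidden" name="myplugin_post" value="' . (int) $post_id . '">'
         . '<button>Unlock</button></form>';
}

// Password check happens here, server-side, before any content is emitted.
function myplugin_handle_unlock() {
    if ( empty( $_POST['myplugin_pass'] ) || empty( $_POST['myplugin_post'] ) ) {
        return;
    }
    $post_id = (int) $_POST['myplugin_post'];
    check_admin_referer( 'myplugin_unlock_' . $post_id, '_mpn' );
    $hash = get_post_meta( $post_id, '_myplugin_pw_hash', true );
    if ( $hash && wp_check_password( wp_unslash( $_POST['myplugin_pass'] ), $hash ) ) {
        setcookie( 'myplugin_unlock_' . $post_id, myplugin_make_token( $post_id ),
            time() + 3600, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true );
    }
}
add_action( 'template_redirect', 'myplugin_handle_unlock' );
```

The review heuristic: any `openssl_encrypt()`/`openssl_decrypt()` whose key argument is a string literal or a constant defined in plugin code is a finding, and so is any design where the protected material is present in the HTML before authentication, however it is encoded.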
CVE-2023-3387 - Lana Text To Image Plugin

The Lana Text to Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lana_text_to_image' and 'lana_text_to_img' shortcodes in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with Contributor-level and above permissions to inject arbitrary web scripts into pages that will execute whenever a user accesses an injected page.

MEDIUM | CVSS 6.4 | 2023-06-24 | Threat entry updated 2024-11-21
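Shortcode attributes are authored by whoever can write a post, and Contributors (who cannot publish) can still place a shortcode in a draft that an editor previews, so every attribute is attacker-controlled input; that is the surface in the Lana Text to Image entry above (CVE-2023-3387). The following is an added example of a shortcode handler in its vulnerable and hardened forms, not the plugin's code; the shortcode name and attributes are hypothetical.

```php
<?php
/**
 * Added example; not Lana Text to Image code. Shortcode name
 * "myplugin_text" and its attributes are hypothetical.
 */

// --- Vulnerable: attributes interpolated straight into markup. ---
function myplugin_vulnerable_shortcode( $atts ) {
    $a = shortcode_atts( array( 'text' => '', 'color' => '#000', 'class' => '' ), $atts );
    // [myplugin_text class='x" onmouseover="alert(1)' text="hi"]
    // "class" breaks out of its attribute and adds an event handler;
    // "color" lands in a style attribute where ; appends arbitrary CSS and a
    // quote closes the attribute; "text" is printed as raw HTML.
    return '<span class="' . $a['class'] . '" style="color:' . $a['color'] . '">' . $a['text'] . '</span>';
}

// --- Hardened: validate each attribute for what it is, escape for where it goes. ---
function myplugin_safe_shortcode( $atts ) {
    $a = shortcode_atts(
        array( 'text' => '', 'color' => '#000000', 'class' => '', 'size' => 16 ),
        $atts,
        'myplugin_text'
    );

    // Colour: accept only a six-digit hex colour, otherwise a known-good literal.
    $color = preg_match( '/^#[0-9a-fA-F]{6}$/', $a['color'] ) ? $a['color'] : '#000000';

    // Class: sanitize_html_class() reduces the value to [A-Za-z0-9_-].
    $class = sanitize_html_class( $a['class'] );

    // Numeric attributes: cast and clamp, never echo the string.
    $size = max( 8, min( 96, (int) $a['size'] ) );

    // Output escaping per context: esc_attr() for attribute values (encodes
    // quotes), esc_html() for element content.
    return sprintf(
        '<span class="%s" style="color:%s;font-size:%dpx">%s</span>',
        esc_attr( $class ),
        esc_attr( $color ), // already validated; escaped anyway
        $size,
        esc_html( $a['text'] )
    );
}
add_shortcode( 'myplugin_text', 'myplugin_safe_shortcode' );

// If an attribute genuinely needs some markup (a caption with <em>), run it
// through wp_kses() with an explicit allow-list instead of trusting it.
function myplugin_caption_html( $caption ) {
    return wp_kses( $caption, array( 'em' => array(), 'strong' => array() ) );
}
```

Validation (is this a colour, an integer, a class name) and escaping (make it safe for this output position) are separate steps; a handler that does only the first is still vulnerable wherever a free-text attribute reaches the page.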
CVE-2023-35090 - MasterStudy LMS Plugin

Authenticated (Contributor or higher) Stored Cross-Site Scripting (XSS) vulnerability in the StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin.

MEDIUM | CVSS 6.5 | 2023-06-22 | Threat entry updated 2024-11-21
CVE-2023-3320 - WP Sticky Social Plugin

The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

MEDIUM | CVSS 6.1 | 2023-06-20 | Threat entry updated 2024-11-21
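The two checks an admin-side write handler needs, shown as an added example that is not code from Image Map Pro or WP Sticky Social: a capability check (who may do this) and a nonce check (did this user actually intend it). Missing the first gives any logged-in user the action (the subscriber case in CVE-2023-3412); missing the second lets a forged request ride on an administrator's session (CVE-2023-3411 on an AJAX handler, CVE-2023-3320 on a settings form). Action, option and field names are hypothetical.

```php
<?php
/**
 * Added example; not code from Image Map Pro or WP Sticky Social. Names
 * prefixed "myplugin_" are hypothetical.
 */

// --- Vulnerable: reachable by any logged-in user, no intent check. ---
function myplugin_vulnerable_store_save() {
    // wp_ajax_* hooks require a login, but a subscriber has one. With no
    // current_user_can() and no nonce, a subscriber (or an admin lured to a
    // page that auto-submits this request) overwrites the setting with
    // script that later renders unescaped on the front end.
    update_option( 'myplugin_map_settings', $_POST['settings'] );
    wp_die( 'saved' );
}
// add_action( 'wp_ajax_myplugin_store_save', 'myplugin_vulnerable_store_save' ); // do not wire this up

// --- Hardened AJAX handler. ---
function myplugin_safe_store_save() {
    // 1. Intent: the nonce ties the request to this user and this action.
    //    check_ajax_referer() terminates the request on mismatch.
    check_ajax_referer( 'myplugin_store_save', 'nonce' );

    // 2. Authorisation: a login is not a permission. Use the narrowest
    //    capability that fits; manage_options is the usual one for settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 3. Input: still untrusted even from an admin. Sanitise each field for
    //    its type rather than storing the raw array.
    $raw      = isset( $_POST['settings'] ) ? (array) wp_unslash( $_POST['settings'] ) : array();
    $settings = array(
        'title'   => sanitize_text_field( $raw['title'] ?? '' ),
        'tooltip' => wp_kses_post( $raw['tooltip'] ?? '' ),
        'width'   => max( 0, min( 4096, (int) ( $raw['width'] ?? 0 ) ) ),
    );
    update_option( 'myplugin_map_settings', $settings );
    wp_send_json_success( $settings );
}
add_action( 'wp_ajax_myplugin_store_save', 'myplugin_safe_store_save' );

// The matching nonce is minted server-side and handed to the page's JS.
function myplugin_enqueue_admin_js() {
    wp_enqueue_script( 'myplugin-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'myplugin-admin', 'mypluginAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'myplugin_store_save' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'myplugin_enqueue_admin_js' );

// Same two checks for a classic settings form (the admin/views/admin.php
// situation) posted to admin-post.php: mint the nonce in the form ...
function myplugin_render_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    wp_nonce_field( 'myplugin_save_sticky', 'myplugin_nonce' );
    echo '<input type="hidden" name="action" value="myplugin_save_sticky">';
    echo '<input name="facebook_url" value="' . esc_attr( get_option( 'myplugin_facebook_url', '' ) ) . '">';
    submit_button();
    echo '</form>';
}
// ... and verify it before touching anything.
function myplugin_handle_form() {
    check_admin_referer( 'myplugin_save_sticky', 'myplugin_nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'forbidden', 403 );
    }
    update_option( 'myplugin_facebook_url', esc_url_raw( wp_unslash( $_POST['facebook_url'] ?? '' ) ) );
    wp_safe_redirect( add_query_arg( array( 'page' => 'myplugin', 'updated' => '1' ), admin_url( 'admin.php' ) ) );
    exit;
}
add_action( 'admin_post_myplugin_save_sticky', 'myplugin_handle_form' );
```

The nonce and the capability check answer different questions and neither substitutes for the other: a nonce alone still lets a subscriber call the handler with a nonce minted for their own session, and a capability check alone still lets a forged cross-site request act as the admin who is logged in.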
CVE-2023-2779 - Social Share, Social Login and Social Comments Plugin

The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins.

MEDIUM | CVSS 6.1 | 2023-06-19 | Threat entry updated 2024-12-12