Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-08-01
CVE-2025-1303 - Plugin Oficial
The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.
PLUGIN
Plugin Oficial
CVE-2025-1303
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2025-1288 - Wooexim Plugin
The WOOEXIM WordPress plugin through 5.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make an unauthenticated user vulnerable to reflected XSS via a CSRF attack.
PLUGIN
Wooexim
CVE-2025-1288
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2025-1286 - Download Html Tinymce Button Plugin
The Download HTML TinyMCE Button WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Download Html Tinymce Button
CVE-2025-1286
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2025-1454 - Ninja Pages Plugin
The Ninja Pages WordPress plugin through 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Ninja Pages
CVE-2025-1454
Risk Score
Threat Entry
Updated 2025-08-01
CVE-2025-1289 - Plugin Oficial
The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Plugin Oficial
CVE-2025-1289
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2025-1033 - Badgearoo Plugin
The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Badgearoo
CVE-2025-1033
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-9831 - Before 3 Plugin
The Taskbuilder WordPress plugin before 3.0.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
PLUGIN
Before 3
CVE-2024-9831
Risk Score
Threat Entry
Updated 2025-05-28
CVE-2024-9765 - Ekc Tournament Manager Plugin
The EKC Tournament Manager WordPress plugin before 2.2.2 allows a logged in admin to download system files outside of the WordPress directory
PLUGIN
Ekc Tournament Manager
CVE-2024-9765
Risk Score
Threat Entry
Updated 2025-05-28
CVE-2025-0688 - Spiritual Gifts Survey And Optional S H A P E Survey Plugin
The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.
PLUGIN
Spiritual Gifts Survey And Optional S H A P E Survey
CVE-2025-0688
Risk Score
Threat Entry
Updated 2025-05-28
CVE-2025-0687 - Spiritual Gifts Survey And Optional S H A P E Survey Plugin
The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.
PLUGIN
Spiritual Gifts Survey And Optional S H A P E Survey
CVE-2025-0687
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-9879 - Melapress File Monitor Plugin
The Melapress File Monitor WordPress plugin before 2.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
PLUGIN
Melapress File Monitor
CVE-2024-9879
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-9838 - Auto Affiliate Links Plugin
The Auto Affiliate Links WordPress plugin before 6.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
PLUGIN
Auto Affiliate Links
CVE-2024-9838
Risk Score
Threat Entry
Updated 2025-05-28
CVE-2024-9711 - Ekc Tournament Manager Plugin
The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Ekc Tournament Manager
CVE-2024-9711
Risk Score
Threat Entry
Updated 2025-05-28
CVE-2024-9709 - Ekc Tournament Manager Plugin
The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Ekc Tournament Manager
CVE-2024-9709
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-9663 - Before 2 Plugin
The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Before 2
CVE-2024-9663
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2025-0329 - Ai Chatbot For Wordpress Plugin
The AI ChatBot for WordPress WordPress plugin before 6.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Ai Chatbot For Wordpress
CVE-2025-0329
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-9882 - Small Businesses Plugin
The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Small Businesses
CVE-2024-9882
Risk Score
Threat Entry
Updated 2026-01-23
CVE-2024-9450 - Restaurants And Car Rentals Plugin
The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in subscriber change them via a CSRF attack
PLUGIN
Restaurants And Car Rentals
CVE-2024-9450
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-9662 - Before 2 Plugin
The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Before 2
CVE-2024-9662
Risk Score
Threat Entry
Updated 2025-06-04
CVE-2024-9645 - Post Masonry Plugin
The Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry WordPress plugin before 2.2.93 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
PLUGIN
Post Masonry
CVE-2024-9645
Risk Score