Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-06-04
CVE-2024-9599 - Before 4 Plugin
The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Before 4
CVE-2024-9599
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-9238 - Avif Uploader Plugin
The AVIF Uploader WordPress plugin before 1.1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
PLUGIN
Avif Uploader
CVE-2024-9238
Risk Score
Threat Entry
Updated 2025-06-04
CVE-2024-8854 - Before 1 Plugin
The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multi site setup).
PLUGIN
Before 1
CVE-2024-8854
Risk Score
Threat Entry
Updated 2025-06-04
CVE-2024-9390 - Before 6 Plugin
The RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Before 6
CVE-2024-9390
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-9236 - Before 4 Plugin
The Team WordPress plugin before 4.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Before 4
CVE-2024-9236
Risk Score
Threat Entry
Updated 2025-06-05
CVE-2024-9227 - Powerpress Podcasting Plugin By Blubrry
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
PLUGIN
Powerpress Podcasting Plugin By Blubrry
CVE-2024-9227
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-9182 - Before 2 Plugin
The Maspik WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
PLUGIN
Before 2
CVE-2024-9182
Risk Score
Threat Entry
Updated 2025-06-04
CVE-2024-9233 - Before 3 Plugin
The Logo Slider WordPress plugin before 3.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Before 3
CVE-2024-9233
Risk Score
Threat Entry
Updated 2025-05-28
CVE-2024-8673 - Before 1 Plugin
The Z-Downloads WordPress plugin before 1.11.7 does not properly validate uploaded files allowing for the uploading of SVGs containing malicious JavaScript.
PLUGIN
Before 1
CVE-2024-8673
Risk Score
Threat Entry
Updated 2025-06-04
CVE-2024-8700 - Event Calendar Plugin
The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars.
PLUGIN
Event Calendar
CVE-2024-8700
Risk Score
Threat Entry
Updated 2025-05-28
CVE-2024-8699 - Before 1 Plugin
The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
PLUGIN
Before 1
CVE-2024-8699
Risk Score
Threat Entry
Updated 2025-05-28
CVE-2024-8703 - Before 1 Plugin
The Z-Downloads WordPress plugin before 1.11.6 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks when accessing share URLs.
PLUGIN
Before 1
CVE-2024-8703
Risk Score
Threat Entry
Updated 2025-06-04
CVE-2024-8851 - Before 1 Plugin
The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multi site setup).
PLUGIN
Before 1
CVE-2024-8851
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-8759 - Nested Pages Plugin
The Nested Pages WordPress plugin before 3.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Nested Pages
CVE-2024-8759
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-8702 - Backup Database Plugin
The Backup Database WordPress plugin through 4.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Backup Database
CVE-2024-8702
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-8701 - Events Calendar Plugin
The events-calendar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Events Calendar
CVE-2024-8701
Risk Score
Threat Entry
Updated 2025-06-04
CVE-2024-8670 - Photo Gallery By 10web Plugin
The Photo Gallery by 10Web WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Photo Gallery By 10web
CVE-2024-8670
Risk Score
Threat Entry
Updated 2025-06-04
CVE-2024-8620 - Mappress Maps For Plugin
The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Mappress Maps For
CVE-2024-8620
Risk Score
Threat Entry
Updated 2025-06-04
CVE-2024-8619 - Ajax Search Lite Plugin
The Ajax Search Lite WordPress plugin before 4.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Ajax Search Lite
CVE-2024-8619
Risk Score
Threat Entry
Updated 2025-05-27
CVE-2024-8618 - Before 1 Plugin
The Page Builder: Pagelayer WordPress plugin before 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Before 1
CVE-2024-8618
Risk Score