Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-06-05
CVE-2024-6665 - Your Curated Content In Plugin
The KBucket: Your Curated Content in WordPress plugin before 4.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Your Curated Content In
CVE-2024-6665
Risk Score
Threat Entry
Updated 2025-06-11
CVE-2024-6478 - Ctt Expresso Para Woocommerce Plugin
The CTT Expresso para WooCommerce WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Ctt Expresso Para Woocommerce
CVE-2024-6478
Risk Score
Threat Entry
Updated 2025-06-11
CVE-2024-6462 - Dl Yandex Metrika Plugin
The DL Yandex Metrika WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Dl Yandex Metrika
CVE-2024-6462
Risk Score
Threat Entry
Updated 2025-11-13
CVE-2024-6711 - Event Tickets With Ticket Scanner Plugin
The Event Tickets with Ticket Scanner WordPress plugin before 2.3.8 does not sanitise and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting attacks
PLUGIN
Event Tickets With Ticket Scanner
CVE-2024-6711
Risk Score
Threat Entry
Updated 2025-06-11
CVE-2024-6159 - Push Notification For Post And Buddypress Plugin
The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
PLUGIN
Push Notification For Post And Buddypress
CVE-2024-6159
Risk Score
Threat Entry
Updated 2025-11-13
CVE-2024-4665 - Before 3 Plugin
The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce.
PLUGIN
Before 3
CVE-2024-4665
Risk Score
Threat Entry
Updated 2025-06-11
CVE-2024-5440 - If So Dynamic Content Personalization Plugin
The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
PLUGIN
If So Dynamic Content Personalization
CVE-2024-5440
Risk Score
Threat Entry
Updated 2025-06-11
CVE-2024-6335 - Tracking Code Manager Plugin
The Tracking Code Manager WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Tracking Code Manager
CVE-2024-6335
Risk Score
Threat Entry
Updated 2025-06-10
CVE-2024-5026 - Cm Tooltip Glossary Plugin
The CM Tooltip Glossary WordPress plugin before 4.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Cm Tooltip Glossary
CVE-2024-5026
Risk Score
Threat Entry
Updated 2025-11-13
CVE-2024-4091 - Responsive Gallery Grid Plugin
The Responsive Gallery Grid WordPress plugin before 2.3.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
PLUGIN
Responsive Gallery Grid
CVE-2024-4091
Risk Score
Threat Entry
Updated 2025-11-13
CVE-2024-4004 - Advanced Cron Manager Plugin
The Advanced Cron Manager WordPress plugin before 2.5.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Advanced Cron Manager
CVE-2024-4004
Risk Score
Threat Entry
Updated 2025-11-13
CVE-2024-4002 - Gallery By Wp Carousel Plugin
The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Gallery By Wp Carousel
CVE-2024-4002
Risk Score
Threat Entry
Updated 2025-11-13
CVE-2024-3901 - Genesis Blocks Plugin
The Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts (like those with the contributor role) to conduct Stored XSS attacks.
PLUGIN
Genesis Blocks
CVE-2024-3901
Risk Score
Threat Entry
Updated 2025-06-10
CVE-2024-3062 - Save As Image Plugin By Pdfcrowd
The Save as Image Plugin by Pdfcrowd WordPress plugin before 3.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Save As Image Plugin By Pdfcrowd
CVE-2024-3062
Risk Score
Threat Entry
Updated 2025-11-13
CVE-2024-3996 - Smart Post Show Plugin
The Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Smart Post Show
CVE-2024-3996
Risk Score
Threat Entry
Updated 2025-06-05
CVE-2024-2869 - Easy Property Listings Plugin
The Easy Property Listings WordPress plugin before 3.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Easy Property Listings
CVE-2024-2869
Risk Score
Threat Entry
Updated 2025-06-11
CVE-2024-2643 - And Sticky Header For Any Plugin
The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.6.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
And Sticky Header For Any
CVE-2024-2643
Risk Score
Threat Entry
Updated 2025-06-11
CVE-2024-1663 - Ultimate Noindex Nofollow Tool Ii Plugin
The Ultimate Noindex Nofollow Tool II WordPress plugin before 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Ultimate Noindex Nofollow Tool Ii
CVE-2024-1663
Risk Score
Threat Entry
Updated 2025-06-11
CVE-2024-13865 - Through 4 Plugin
The S3Player WordPress plugin through 4.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.
PLUGIN
Through 4
CVE-2024-13865
Risk Score
Threat Entry
Updated 2025-06-10
CVE-2024-13828 - Through 1 Plugin
The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 1
CVE-2024-13828
Risk Score