
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total 15,036 entries: Critical 923, High 3,047, Medium 10,866
Threat Entry Updated 2025-06-09

CVE-2024-11719 - Tarteaucitron Wp Plugin

The tarteaucitron-wp WordPress plugin before 0.3.0 does not have a CSRF check in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Tarteaucitron Wp

CVE-2024-11719

MEDIUM CVSS 6.1 2025-05-15
Threat Entry Updated 2025-06-09

CVE-2024-11718 - Tarteaucitron Wp Plugin

The tarteaucitron-wp WordPress plugin before 0.3.0 allows author-level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Tarteaucitron Wp

CVE-2024-11718

MEDIUM CVSS 5.4 2025-05-15
Threat Entry Updated 2025-06-09

CVE-2024-11502 - Planning Center Online Giving Plugin

The Planning Center Online Giving WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Planning Center Online Giving

CVE-2024-11502

MEDIUM CVSS 5.4 2025-05-15
Threat Entry Updated 2025-05-28

CVE-2024-12679 - Prisna GWT Plugin

The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Prisna GWT

CVE-2024-12679

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-09

CVE-2024-11843 - Panorama Plugin

The Panorama WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Panorama

CVE-2024-11843

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-09

CVE-2024-11373 - Connexion Logs Plugin

The Connexion Logs WordPress plugin through 3.0.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN Connexion Logs

CVE-2024-11373

MEDIUM CVSS 4.3 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-11267 - Jsp Store Locator Plugin

The JSP Store Locator WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing users with the Contributor role to perform SQL injection attacks.

PLUGIN Jsp Store Locator

CVE-2024-11267

HIGH CVSS 8.8 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-11269 - AHAthat Plugin

The AHAthat Plugin WordPress plugin through 1.6 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.

PLUGIN AHAthat Plugin

CVE-2024-11269

HIGH CVSS 7.2 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-11141 - Sailthru Triggermail Plugin

The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection, which could allow subscribers to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Sailthru Triggermail

CVE-2024-11141

MEDIUM CVSS 6.1 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-11266 - Geocache Stat Bar Widget Plugin

The Geocache Stat Bar Widget WordPress plugin through 0.911 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Geocache Stat Bar Widget

CVE-2024-11266

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-11221 - Background Image Slideshow Plugin

The Full Screen (Page) Background Image Slideshow WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Background Image Slideshow

CVE-2024-11221

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-11190 - Jwp A11y Plugin

The jwp-a11y WordPress plugin through 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Jwp A11y

CVE-2024-11190

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-09

CVE-2024-11189 - Social Share And Social Locker Plugin

The Social Share And Social Locker WordPress plugin before 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Social Share And Social Locker

CVE-2024-11189

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-09

CVE-2024-10631 - Countdown Timer For WordPress Block Editor Plugin

The Countdown Timer for WordPress Block Editor WordPress plugin through 1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Countdown Timer For WordPress Block Editor

CVE-2024-10631

MEDIUM CVSS 6.5 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-10818 - Jsfiddle Shortcode Plugin

The JSFiddle Shortcode WordPress plugin before 1.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Jsfiddle Shortcode

CVE-2024-10818

MEDIUM CVSS 5.4 2025-05-15
Threat Entry Updated 2025-06-04

CVE-2024-10504 - Popup Form Builder Plugin

The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.

PLUGIN Popup Form Builder

CVE-2024-10504

MEDIUM CVSS 5.4 2025-05-15
Threat Entry Updated 2025-06-04

CVE-2024-11109 - Wp Google Review Slider Plugin

The WP Google Review Slider WordPress plugin before 15.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Wp Google Review Slider

CVE-2024-11109

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-10639 - Auto Prune Posts Plugin

The Auto Prune Posts WordPress plugin before 3.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Auto Prune Posts

CVE-2024-10639

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-09

CVE-2024-10632 - Nokaut Offers Box Plugin

The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Nokaut Offers Box

CVE-2024-10632

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-09

CVE-2024-10475 - Lead Generation Plugin

The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin before 1.9.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Lead Generation

CVE-2024-10475

MEDIUM CVSS 4.8 2025-05-15