Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-06-09
CVE-2024-10362 - Social Sharing Icons Plugin
The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.9.1 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Social Sharing Icons
CVE-2024-10362
Risk Score
Threat Entry
Updated 2025-06-09
CVE-2024-10149 - Social Slider Feed Plugin
The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Social Slider Feed
CVE-2024-10149
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-10677 - Through 2 Plugin
The BTEV WordPress plugin through 2.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Through 2
CVE-2024-10677
Risk Score
Threat Entry
Updated 2025-06-09
CVE-2024-10634 - Nokaut Offers Box Plugin
The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack
PLUGIN
Nokaut Offers Box
CVE-2024-10634
Risk Score
Threat Entry
Updated 2025-06-09
CVE-2024-11140 - Real Wp Shop Lite Ajax Ecommerce Shopping Cart Plugin
The Real WP Shop Lite Ajax eCommerce Shopping Cart WordPress plugin through 2.0.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Real Wp Shop Lite Ajax Ecommerce Shopping Cart
CVE-2024-11140
Risk Score
Threat Entry
Updated 2025-11-13
CVE-2024-0852 - Activity Logging For Plugin
The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored XSS attack against high privilege users such as admin
PLUGIN
Activity Logging For
CVE-2024-0852
Risk Score
Threat Entry
Updated 2025-06-04
CVE-2024-10076 - Jetpack Boost Plugin
The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldn’t, ultimately making it possible for contributor and above users to perform Stored XSS attacks
PLUGIN
Jetpack Boost
CVE-2024-10076
Risk Score
Threat Entry
Updated 2025-06-04
CVE-2024-10075 - Before 13 Plugin
The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block.
PLUGIN
Before 13
CVE-2024-10075
Risk Score
Threat Entry
Updated 2025-11-13
CVE-2024-0970 - This User Activity Tracking And Log Plugin
This User Activity Tracking and Log WordPress plugin before 4.1.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value.
PLUGIN
This User Activity Tracking And Log
CVE-2024-0970
Risk Score
Threat Entry
Updated 2025-06-04
CVE-2024-10145 - Before 1 Plugin
The Hubbub Lite WordPress plugin before 1.34.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Before 1
CVE-2024-10145
Risk Score
Threat Entry
Updated 2025-06-04
CVE-2024-10144 - Slider In Rbs Image Gallery Plugin
The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Slider In Rbs Image Gallery
CVE-2024-10144
Risk Score
Threat Entry
Updated 2025-06-12
CVE-2024-10143 - Custom Taxonomies Plugin
The MB Custom Post Types & Custom Taxonomies WordPress plugin before 2.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Custom Taxonomies
CVE-2024-10143
Risk Score
Threat Entry
Updated 2025-06-04
CVE-2024-10107 - Giveaways And Contests By Rafflepress Plugin
The Giveaways and Contests by RafflePress WordPress plugin before 1.12.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Giveaways And Contests By Rafflepress
CVE-2024-10107
Risk Score
Threat Entry
Updated 2025-06-04
CVE-2024-10054 - Before 1 Plugin
The Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PLUGIN
Before 1
CVE-2024-10054
Risk Score
Threat Entry
Updated 2025-06-11
CVE-2024-10009 - Melapress File Monitor Plugin
The Melapress File Monitor WordPress plugin before 2.1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
PLUGIN
Melapress File Monitor
CVE-2024-10009
Risk Score
Threat Entry
Updated 2025-06-09
CVE-2024-10098 - Before 2 Plugin
The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain
PLUGIN
Before 2
CVE-2024-10098
Risk Score
Threat Entry
Updated 2025-11-13
CVE-2024-0249 - Advanced Schedule Posts Plugin
The Advanced Schedule Posts WordPress plugin through 2.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins.
PLUGIN
Advanced Schedule Posts
CVE-2024-0249
Risk Score
Threat Entry
Updated 2025-11-13
CVE-2023-7297 - Through 1 Plugin
The TwitterPosts WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Through 1
CVE-2023-7297
Risk Score
Threat Entry
Updated 2025-06-09
CVE-2023-7239 - Wp Dashboard Notes Plugin
The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the post_id parameter in its wpdn_update_note AJAX action. This allows users with a role of contributor and above to update notes created by other users.
PLUGIN
Wp Dashboard Notes
CVE-2023-7239
Risk Score
Threat Entry
Updated 2025-06-06
CVE-2023-7231 - Through 1 Plugin
The illi Link Party! WordPress plugin through 1.0 lacks proper access controls, allowing unauthenticated visitors to delete links.
PLUGIN
Through 1
CVE-2023-7231
Risk Score