Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 15,036
Critical: 923
High: 3,047
Medium: 10,866

Showing 4961-4980 of 15036 records
Threat Entry Updated 2025-06-11

CVE-2023-7197 - Marketing Twitter Bot Plugin

The Marketing Twitter Bot WordPress plugin through 1.11 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Marketing Twitter Bot

CVE-2023-7197

HIGH CVSS 7.1 2025-05-15
Threat Entry Updated 2025-06-11

CVE-2023-7174 - Abitgone Commentsafe Plugin

The aBitGone CommentSafe WordPress plugin through 1.0.0 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

PLUGIN Abitgone Commentsafe

CVE-2023-7174

HIGH CVSS 7.1 2025-05-15
Threat Entry Updated 2025-05-27

CVE-2023-7230 - Through 1 Plugin

The illi Link Party! WordPress plugin through 1.0 does not sanitize and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-7230

MEDIUM CVSS 6.1 2025-05-15
Threat Entry Updated 2025-05-28

CVE-2023-7228 - Through 1 Plugin

The illi Link Party! WordPress plugin through 1.0 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks.

PLUGIN Through 1

CVE-2023-7228

MEDIUM CVSS 6.1 2025-05-15
Threat Entry Updated 2025-05-27

CVE-2023-7229 - Through 1 Plugin

The illi Link Party! WordPress plugin through 1.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN Through 1

CVE-2023-7229

MEDIUM CVSS 5.5 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2023-7088 - Through 1 Plugin

The Add SVG Support for Media Uploader | inventivo WordPress plugin through 1.0.5 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

PLUGIN Through 1

CVE-2023-7088

MEDIUM CVSS 5.4 2025-05-15
Threat Entry Updated 2025-06-09

CVE-2023-7168 - Better Follow Button For Jetpack Plugin

The Better Follow Button for Jetpack WordPress plugin through 8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Better Follow Button For Jetpack

CVE-2023-7168

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-11

CVE-2023-7196 - Ultimate Noindex Nofollow Tool Plugin

The Ultimate Noindex Nofollow Tool WordPress plugin through 1.1.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN Ultimate Noindex Nofollow Tool

CVE-2023-7196

MEDIUM CVSS 4.3 2025-05-15
Threat Entry Updated 2025-06-11

CVE-2023-7195 - Wp Reply Notify Plugin

The WP-Reply Notify WordPress plugin through 1.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PLUGIN Wp Reply Notify

CVE-2023-7195

MEDIUM CVSS 4.3 2025-05-15
Threat Entry Updated 2025-06-11

CVE-2023-6541 - Allow Svg Plugin

The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

PLUGIN Allow Svg

CVE-2023-6541

MEDIUM CVSS 6.1 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2023-7086 - Svg Uploads Support Plugin

The SVG Uploads Support WordPress plugin through 2.1.1 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

PLUGIN Svg Uploads Support

CVE-2023-7086

MEDIUM CVSS 5.4 2025-05-15
Threat Entry Updated 2025-06-11

CVE-2023-6783 - Wolfnet Idx For Plugin

The WolfNet IDX for WordPress plugin through 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Wolfnet Idx For

CVE-2023-6783

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-04

CVE-2023-5934 - All Travel Brands In One Place Plugin

The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have a CSRF check in place when importing settings from the v1, which could allow attackers to make a logged-in admin update some settings via a CSRF attack.

PLUGIN All Travel Brands In One Place

CVE-2023-5934

HIGH CVSS 7.3 2025-05-15
Threat Entry Updated 2025-06-11

CVE-2023-6030 - Logdash Activity Log Plugin

The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wp_login_failed function (from src/Hooks/Users.php) in order to log failed login attempts to the database, but it doesn't escape the username when it performs some SQL requests, leading to a SQL injection vulnerability which can be exploited using a time-based technique by an unauthenticated attacker.

PLUGIN Logdash Activity Log

CVE-2023-6030

MEDIUM CVSS 5.4 2025-05-15
Threat Entry Updated 2025-06-04

CVE-2023-5932 - All Travel Brands In One Place Plugin

The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN All Travel Brands In One Place

CVE-2023-5932

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-04

CVE-2023-5529 - Before 8 Plugin

The Advanced Page Visit Counter WordPress plugin before 8.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Before 8

CVE-2023-5529

MEDIUM CVSS 4.8 2025-05-15
Threat Entry Updated 2025-06-11

CVE-2023-2334 - Easy Digital Downloads Google Sheet Connector Plugin

The edd-google-sheet-connector-pro WordPress plugin before 1.4 and the Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 do not have a CSRF check when updating the Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack.

PLUGIN Easy Digital Downloads Google Sheet Connector

CVE-2023-2334

MEDIUM CVSS 5.4 2025-05-15
Threat Entry Updated 2025-05-16

CVE-2025-4564 - Ticketbai Facturas Para Woocommerce Plugin

The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the 'delpdf' action in all versions up to, and including, 3.18. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

PLUGIN Ticketbai Facturas Para Woocommerce

CVE-2025-4564

CRITICAL CVSS 9.8 2025-05-15
Threat Entry Updated 2025-06-04

CVE-2025-3742 - Before 2 Plugin

The Responsive Lightbox & Gallery WordPress plugin before 2.5.1 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 2

CVE-2025-3742

MEDIUM CVSS 6.8 2025-05-15