Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 15,036
Critical: 923
High: 3,047
Medium: 10,866

Showing 5441-5460 of 15036 records

Threat Entry Updated 2025-04-29

CVE-2024-11503 - WP Tabs Plugin

The WP Tabs WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN WP Tabs

CVE-2024-11503

MEDIUM CVSS 6.1 2025-03-25

Threat Entry Updated 2025-05-15

CVE-2024-11273 - Contact Form & SMTP Plugin for WordPress by PirateForms

The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Contact Form & SMTP Plugin for WordPress by PirateForms

CVE-2024-11273

MEDIUM CVSS 6.1 2025-03-25

Threat Entry Updated 2025-05-15

CVE-2024-11272 - Contact Form & SMTP Plugin for WordPress by PirateForms

The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Contact Form & SMTP Plugin for WordPress by PirateForms

CVE-2024-11272

MEDIUM CVSS 6.1 2025-03-25

Threat Entry Updated 2025-05-15

CVE-2024-10703 - Registrations For The Events Calendar Plugin

The Registrations for the Events Calendar WordPress plugin before 2.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Registrations For The Events Calendar

CVE-2024-10703

MEDIUM CVSS 6.1 2025-03-25

Threat Entry Updated 2025-05-06

CVE-2024-10679 - Quiz and Survey Master (QSM) Plugin

The Quiz and Survey Master (QSM) WordPress plugin before 9.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Quiz and Survey Master (QSM)

CVE-2024-10679

MEDIUM CVSS 6.1 2025-03-25

Threat Entry Updated 2025-04-01

CVE-2024-10566 - Slider By 10web Plugin

The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Slider By 10web

CVE-2024-10566

MEDIUM CVSS 6.1 2025-03-25

Threat Entry Updated 2025-04-02

CVE-2024-10565 - Slider By 10web Plugin

The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Slider By 10web

CVE-2024-10565

MEDIUM CVSS 6.1 2025-03-25

Threat Entry Updated 2025-04-29

CVE-2024-12109 - Product Labels For Woocommerce (Sale Badges) Plugin

The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.

PLUGIN Product Labels For Woocommerce (Sale Badges)

CVE-2024-12109

MEDIUM CVSS 4.1 2025-03-25

Threat Entry Updated 2025-05-05

CVE-2024-10638 - Product Labels For Woocommerce (Sale Badges) Plugin

The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.11 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.

PLUGIN Product Labels For Woocommerce (Sale Badges)

CVE-2024-10638

MEDIUM CVSS 4.1 2025-03-25

Threat Entry Updated 2025-05-15

CVE-2024-10472 - Stylish Price List Plugin

The Stylish Price List WordPress plugin before 7.1.12 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Stylish Price List

CVE-2024-10472

MEDIUM CVSS 5.9 2025-03-25

Threat Entry Updated 2025-04-03

CVE-2024-10560 - Form Maker By 10web Plugin

The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Form Maker By 10web

CVE-2024-10560

LOW CVSS 3.5 2025-03-25

Threat Entry Updated 2025-05-15

CVE-2024-10554 - Wordpress Wp Advanced Search Plugin

The WordPress WP-Advanced-Search WordPress plugin before 3.3.9.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Wordpress Wp Advanced Search

CVE-2024-10554

LOW CVSS 3.5 2025-03-25

Threat Entry Updated 2025-04-02

CVE-2024-10105 - Job Postings Plugin

The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Job Postings

CVE-2024-10105

MEDIUM CVSS 5.9 2025-03-25

Threat Entry Updated 2025-03-27

CVE-2025-30609 - WooCommerce Plugin

Insertion of Sensitive Information Into Sent Data vulnerability in AppExperts AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps allows Retrieve Embedded Sensitive Data. This issue affects AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps: from n/a through 1.4.3.

PLUGIN WooCommerce

CVE-2025-30609

MEDIUM CVSS 5.3 2025-03-24

Threat Entry Updated 2025-03-27

CVE-2025-30526 - Typekit Plugin for WordPress

Cross-Site Request Forgery (CSRF) vulnerability in lucksy Typekit plugin for WordPress allows Cross Site Request Forgery. This issue affects Typekit plugin for WordPress: from n/a through 1.2.3.

PLUGIN Typekit plugin for WordPress

CVE-2025-30526

MEDIUM CVSS 4.3 2025-03-24

Threat Entry Updated 2025-04-08

CVE-2025-1203 - Slider, Gallery, and Carousel by MetaSlider Plugin

The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Slider, Gallery, and Carousel by MetaSlider

CVE-2025-1203

LOW CVSS 3.5 2025-03-24

Threat Entry Updated 2025-04-08

CVE-2025-1062 - Slider, Gallery, and Carousel by MetaSlider Plugin

The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Slider, Gallery, and Carousel by MetaSlider

CVE-2025-1062

LOW CVSS 3.5 2025-03-24

Threat Entry Updated 2025-05-13

CVE-2024-13124 - Photo Gallery By 10web Plugin

The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Photo Gallery By 10web

CVE-2024-13124

LOW CVSS 3.5 2025-03-24