Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-05-15
CVE-2024-13624 - Wpmovielibrary Plugin
The WPMovieLibrary WordPress plugin through 2.1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Wpmovielibrary
CVE-2024-13624
Risk Score
Threat Entry
Updated 2025-05-20
CVE-2024-13678 - R3w Instafeed Plugin
The R3W InstaFeed WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
R3w Instafeed
CVE-2024-13678
Risk Score
Threat Entry
Updated 2026-01-09
CVE-2024-13669 - Calendapp Plugin
The CalendApp WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Calendapp
CVE-2024-13669
Risk Score
Threat Entry
Updated 2025-05-20
CVE-2024-13634 - Post Sync Plugin
The Post Sync WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Post Sync
CVE-2024-13634
Risk Score
Threat Entry
Updated 2025-05-20
CVE-2024-13630 - Newsticker Plugin
The NewsTicker WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Newsticker
CVE-2024-13630
Risk Score
Threat Entry
Updated 2025-05-20
CVE-2024-13629 - Pushbiz Plugin
The pushBIZ WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Pushbiz
CVE-2024-13629
Risk Score
Threat Entry
Updated 2025-05-15
CVE-2024-13628 - Wp Pricing Table Plugin
The WP Pricing Table WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Wp Pricing Table
CVE-2024-13628
Risk Score
Threat Entry
Updated 2025-05-15
CVE-2024-13571 - Post Timeline Plugin
The Post Timeline WordPress plugin before 2.3.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Post Timeline
CVE-2024-13571
Risk Score
Threat Entry
Updated 2025-05-15
CVE-2024-12878 - Custom Block Builder Plugin
The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Custom Block Builder
CVE-2024-12878
Risk Score
Threat Entry
Updated 2025-05-20
CVE-2024-12737 - Services And Events Plugin
The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Services And Events
CVE-2024-12737
Risk Score
Threat Entry
Updated 2025-05-15
CVE-2024-13113 - Countdown Timer For Elementor Plugin
The Countdown Timer for Elementor WordPress plugin before 1.3.7 does not sanitise and escape some parameters when outputting them on the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
PLUGIN
Countdown Timer For Elementor
CVE-2024-13113
Risk Score
Threat Entry
Updated 2025-02-26
CVE-2024-12434 - Suremembers Plugin
The SureMembers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.10.6 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including restricted content.
PLUGIN
Suremembers
CVE-2024-12434
Risk Score
Threat Entry
Updated 2025-02-26
CVE-2024-13560 - Subscriptions Memberships For Paypal Plugin
The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Subscriptions Memberships For Paypal
CVE-2024-13560
Risk Score
Threat Entry
Updated 2025-05-15
CVE-2024-10483 - Before 6 Plugin
The Simple:Press Forum WordPress plugin before 6.10.11 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
PLUGIN
Before 6
CVE-2024-10483
Risk Score
Threat Entry
Updated 2025-05-20
CVE-2024-10563 - Woocommerce Cart Count Shortcode Plugin
The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
PLUGIN
Woocommerce Cart Count Shortcode
CVE-2024-10563
Risk Score
Threat Entry
Updated 2025-05-15
CVE-2024-10152 - Simple Certain Time To Show Content Plugin
The Simple Certain Time to Show Content WordPress plugin before 1.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Simple Certain Time To Show Content
CVE-2024-10152
Risk Score
Threat Entry
Updated 2025-02-25
CVE-2025-26913 - AR For WordPress Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webandprint AR For WordPress allows DOM-Based XSS. This issue affects AR For WordPress: from n/a through 7.7.
PLUGIN
AR For WordPress
CVE-2025-26913
Risk Score
Threat Entry
Updated 2025-02-28
CVE-2025-1262 - Advanced Google Recaptcha Plugin
The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27 . This makes it possible for unauthenticated attackers to bypass the Built-in Math Captcha Verification.
PLUGIN
Advanced Google Recaptcha
CVE-2025-1262
Risk Score
Threat Entry
Updated 2025-02-28
CVE-2024-13695 - Enfold Plugin
The Enfold theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.9 via the 'attachment_id' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
PLUGIN
Enfold
CVE-2024-13695
Risk Score
Threat Entry
Updated 2025-02-28
CVE-2024-13693 - Enfold Plugin
The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9. This makes it possible for unauthenticated attackers to export all avia settings which may included sensitive information such as the Mailchimp API Key, reCAPTCHA Secret Key, or Envato private token if they are set.
PLUGIN
Enfold
CVE-2024-13693
Risk Score