Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-05-23
CVE-2024-13627 - Owl Carousel Slider Plugin
The OWL Carousel Slider WordPress plugin through 2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Owl Carousel Slider
CVE-2024-13627
Risk Score
Threat Entry
Updated 2025-05-23
CVE-2024-13626 - Through 3 Plugin
The VR-Frases (collect & share quotes) WordPress plugin through 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Through 3
CVE-2024-13626
Risk Score
Threat Entry
Updated 2025-05-14
CVE-2024-13625 - Tube Video Ads Lite Plugin
The Tube Video Ads Lite WordPress plugin through 1.5.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Tube Video Ads Lite
CVE-2024-13625
Risk Score
Threat Entry
Updated 2025-05-14
CVE-2024-13603 - Wise Forms Plugin
The Wise Forms WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks via malicious form submissions.
PLUGIN
Wise Forms
CVE-2024-13603
Risk Score
Threat Entry
Updated 2025-05-14
CVE-2024-13608 - Track Logins Plugin
The Track Logins WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
PLUGIN
Track Logins
CVE-2024-13608
Risk Score
Threat Entry
Updated 2025-05-23
CVE-2025-0924 - Wp Activity Log Plugin
The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Wp Activity Log
CVE-2025-0924
Risk Score
Threat Entry
Updated 2025-02-16
CVE-2025-22676 - AWS S3 for WordPress Plugin – Upcasted
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in upcasted AWS S3 for WordPress Plugin – Upcasted allows Stored XSS. This issue affects AWS S3 for WordPress Plugin – Upcasted: from n/a through 3.0.3.
PLUGIN
AWS S3 for WordPress Plugin – Upcasted
CVE-2025-22676
Risk Score
Threat Entry
Updated 2025-02-24
CVE-2024-13834 - Responsive Addons Plugin
The Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.4 via the 'remote_request' function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
PLUGIN
Responsive Addons
CVE-2024-13834
Risk Score
Threat Entry
Updated 2025-02-24
CVE-2025-0822 - Bit Assist Plugin
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
PLUGIN
Bit Assist
CVE-2025-0822
Risk Score
Threat Entry
Updated 2025-02-28
CVE-2024-13488 - Ltl Freight Quotes Plugin
The LTL Freight Quotes – Estes Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
PLUGIN
Ltl Freight Quotes
CVE-2024-13488
Risk Score
Threat Entry
Updated 2025-02-24
CVE-2024-13500 - Wp Project Manager Plugin
The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.6.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
PLUGIN
Wp Project Manager
CVE-2024-13500
Risk Score
Threat Entry
Updated 2025-02-24
CVE-2024-13439 - Team Plugin
The Team – Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 4.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings.
PLUGIN
Team
CVE-2024-13439
Risk Score
Threat Entry
Updated 2025-02-24
CVE-2024-10581 - Directorypress Plugin
The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfl_listingStatusChange() function. This makes it possible for unauthenticated attackers to update listing statuses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Directorypress
CVE-2024-10581
Risk Score
Threat Entry
Updated 2025-02-24
CVE-2024-12562 - S2member Plugin
The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2member_pro_remote_op' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
PLUGIN
S2member
CVE-2024-12562
Risk Score
Threat Entry
Updated 2025-02-24
CVE-2024-13752 - Wp Project Manager Plugin
The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '/pm/v2/settings/notice' endpoint all versions up to, and including, 2.6.17. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cause a persistent denial of service condition.
PLUGIN
Wp Project Manager
CVE-2024-13752
Risk Score
Threat Entry
Updated 2025-02-24
CVE-2025-1005 - Elementskit Elementor Addons Plugin
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion widget in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Elementskit Elementor Addons
CVE-2025-1005
Risk Score
Threat Entry
Updated 2025-02-24
CVE-2025-0935 - Media Library Folders Plugin
The Media Library Folders plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on several AJAX actions in all versions up to, and including, 8.3.0. This makes it possible for authenticated attackers, with Author-level access and above, to change plugin settings related to things such as IP-blocking.
PLUGIN
Media Library Folders
CVE-2025-0935
Risk Score
Threat Entry
Updated 2025-02-28
CVE-2024-13563 - Front End Users Plugin
The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's forgot-password shortcode in all versions up to, and including, 3.2.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Front End Users
CVE-2024-13563
Risk Score
Threat Entry
Updated 2025-02-24
CVE-2024-13525 - Customer Email Verification For Woocommerce Plugin
The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including emails as well as hashed passwords of any user.
PLUGIN
Customer Email Verification For Woocommerce
CVE-2024-13525
Risk Score
Threat Entry
Updated 2025-02-25
CVE-2024-13513 - Oliver Pos Plugin
The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. This makes it possible for unauthenticated attackers to extract sensitive data including the plugin's clientToken, which in turn can be used to change user account information including emails and account type. This allows attackers to then change account passwords resulting in a complete site takeover. Version 2.4.2.3 disabled logging but left sites with existing log files vulnerable.
PLUGIN
Oliver Pos
CVE-2024-13513
Risk Score