Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 15,036 records (Critical: 923, High: 3,047, Medium: 10,866)
Showing 6521-6540 of 15036 records
CVE-2024-11892 - Accordion Slider Lite Plugin (entry updated 2025-01-11)

The Accordion Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'accordion_slider' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Plugin: Accordion Slider Lite | Severity: MEDIUM | CVSS: 6.4 | Date: 2025-01-11
CVE-2024-11874 - Grid Accordion Lite Plugin (entry updated 2025-01-11)

The Grid Accordion Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'grid_accordion' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Plugin: Grid Accordion Lite | Severity: MEDIUM | CVSS: 6.4 | Date: 2025-01-11
CVE-2024-11758 - Wp Spid Italia Plugin (entry updated 2025-01-11)

The WP SPID Italia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Plugin: Wp Spid Italia | Severity: MEDIUM | CVSS: 6.4 | Date: 2025-01-11
CVE-2024-12116 - Unlimited Theme Addons Plugin (entry updated 2025-01-11)

The Unlimited Theme Addon For Elementor and WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.1 via the 'uta-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.

Plugin: Unlimited Theme Addons | Severity: MEDIUM | CVSS: 4.3 | Date: 2025-01-11
CVE-2024-11915 - Rrdevs For Elementor Plugin (entry updated 2025-01-11)

The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts that they should not have access to.

Plugin: Rrdevs For Elementor | Severity: MEDIUM | CVSS: 4.3 | Date: 2025-01-11
CVE-2024-11386 - Gatormail Smart Forms Plugin (entry updated 2025-01-11)

The GatorMail SmartForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gatormailsmartform' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Plugin: Gatormail Smart Forms | Severity: MEDIUM | CVSS: 6.4 | Date: 2025-01-11
CVE-2024-12587 - Contact Form Master Plugin (entry updated 2025-05-17)

The Contact Form Master WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Plugin: Contact Form Master | Severity: MEDIUM | CVSS: 6.1 | Date: 2025-01-11
CVE-2024-12304 - Gutenberg Blocks With Ai Plugin (entry updated 2025-02-07)

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via button block link in all versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Plugin: Gutenberg Blocks With Ai | Severity: MEDIUM | CVSS: 6.4 | Date: 2025-01-11
CVE-2024-12627 - Woocommerce Popups Plugin (entry updated 2025-01-11)

The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.5 via deserialization of untrusted input from post content passed to the capture_email AJAX action. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system,…

Plugin: Woocommerce Popups | Severity: HIGH | CVSS: 7.5 | Date: 2025-01-11
CVE-2024-12404 - Internal Link Shortcode Plugin (entry updated 2025-01-11)

The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection via the 'post_title' parameter in all versions up to, and including, 1.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Plugin: Internal Link Shortcode | Severity: HIGH | CVSS: 7.5 | Date: 2025-01-11
CVE-2024-12505 - Trackserver Plugin (entry updated 2025-01-11)

The Trackserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tsmap' shortcode in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Plugin: Trackserver | Severity: MEDIUM | CVSS: 6.4 | Date: 2025-01-11
CVE-2024-12472 - Post Duplicator Plugin (entry updated 2025-06-05)

The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphr_duplicate_post() due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to by duplicating the post.

Plugin: Post Duplicator | Severity: MEDIUM | CVSS: 5.3 | Date: 2025-01-11
CVE-2024-12204 - Woocommerce Popups Plugin (entry updated 2025-01-11)

The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the class-cx-rest.php file in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create 100% off coupons, delete posts, delete leads, and update coupon statuses.

Plugin: Woocommerce Popups | Severity: MEDIUM | CVSS: 5.4 | Date: 2025-01-11
CVE-2024-11327 - Clickwhale Plugin (entry updated 2025-06-05)

The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Plugin: Clickwhale | Severity: MEDIUM | CVSS: 6.1 | Date: 2025-01-11
CVE-2024-13318 - Essential Wp Real Estate Plugin (entry updated 2025-02-25)

The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cl_delete_listing_func() function in all versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to delete arbitrary pages and posts.

Plugin: Essential Wp Real Estate | Severity: MEDIUM | CVSS: 5.3 | Date: 2025-01-10
CVE-2024-13183 - Orbit Fox Plugin (entry updated 2025-01-16)

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Plugin: Orbit Fox | Severity: MEDIUM | CVSS: 6.4 | Date: 2025-01-10
CVE-2025-0311 - Orbit Fox Plugin (entry updated 2025-01-16)

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Plugin: Orbit Fox | Severity: MEDIUM | CVSS: 6.4 | Date: 2025-01-10
CVE-2024-12606 - Ai Scribe The Chatgpt Powered Seo Content Creation Wizard Plugin (entry updated 2025-01-10)

The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engine_request_data() function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin settings.

Plugin: Ai Scribe The Chatgpt Powered Seo Content Creation Wizard | Severity: MEDIUM | CVSS: 4.3 | Date: 2025-01-10
CVE-2024-12473 - Ai Scribe The Chatgpt Powered Seo Content Creation Wizard Plugin (entry updated 2025-01-10)

The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to SQL Injection via the 'template_id' parameter of the 'article_builder_generate_data' shortcode in all versions up to, and including, 2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to…

Plugin: Ai Scribe The Chatgpt Powered Seo Content Creation Wizard | Severity: MEDIUM | CVSS: 6.5 | Date: 2025-01-10
CVE-2024-10215 - Wpbookit Plugin (entry updated 2025-06-27)

The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.

Plugin: Wpbookit | Severity: CRITICAL | CVSS: 9.8 | Date: 2025-01-09