
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 15,036
Critical: 923
High: 3,047
Medium: 10,866

Showing 6601-6620 of 15036 records
Threat Entry Updated 2025-02-26

CVE-2024-12030 - Wordpress Meta Data And Taxonomies Filter Plugin

The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'key' attribute of the 'mdf_value' shortcode in all versions up to, and including, 1.3.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

PLUGIN Wordpress Meta Data And Taxonomies Filter

CVE-2024-12030

MEDIUM CVSS 6.5 2025-01-08
Threat Entry Updated 2025-03-06

CVE-2024-12205 - Themesflat Addons For Elementor

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider Widget in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

THEME Themesflat Addons For Elementor

CVE-2024-12205

MEDIUM CVSS 6.4 2025-01-08
Threat Entry Updated 2025-01-17

CVE-2024-11270 - Webinarpress Plugin

The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the 'sync-import-imgs' function and missing file type validation in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files that can lead to remote code execution.

PLUGIN Webinarpress

CVE-2024-11270

HIGH CVSS 8.8 2025-01-08
Threat Entry Updated 2025-01-17

CVE-2024-11816 - Ultimate Wordpress Toolkit Plugin

The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. This is due to a missing capability check on the 'wpext_handle_snippet_update' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute code on the server providing an admin has created at least one code snippet.

PLUGIN Ultimate Wordpress Toolkit

CVE-2024-11816

HIGH CVSS 8.8 2025-01-08
Threat Entry Updated 2025-04-14

CVE-2024-11916 - Wp Extended Plugin

The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on several functions in all versions up to, and including, 3.0.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to import and activate arbitrary code snippets along with

PLUGIN Wp Extended

CVE-2024-11916

HIGH CVSS 7.4 2025-01-08
Threat Entry Updated 2025-01-08

CVE-2024-12521 - Slotti Ajanvaraus Plugin

The Slotti Ajanvaraus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slotti-embed-ga' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Slotti Ajanvaraus

CVE-2024-12521

MEDIUM CVSS 6.4 2025-01-08
Threat Entry Updated 2025-01-08

CVE-2024-12112 - And Custom Form Builder Plugin

The Easy Form Builder – WordPress plugin form builder: contact form, survey form, payment form, and custom form builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the 'add_form_Emsfb' AJAX action in all versions up to, and including, 3.8.8 due to insufficient input sanitization and output escaping and missing authorization checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN And Custom Form Builder

CVE-2024-12112

MEDIUM CVSS 6.4 2025-01-08
Threat Entry Updated 2025-07-11

CVE-2024-12713 - Sureforms Plugin

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handle_export_form() function due to a missing capability check. This makes it possible for unauthenticated attackers to export data from password protected, private, or draft posts that they should not have access to.

PLUGIN Sureforms

CVE-2024-12713

MEDIUM CVSS 5.3 2025-01-08
Threat Entry Updated 2025-01-07

CVE-2024-12738 - Profile Builder Plugin

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several user meta parameters in all versions up to, and including, 3.12.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and clicks a link to show user meta.

PLUGIN Profile Builder

CVE-2024-12738

MEDIUM CVSS 6.1 2025-01-07
Threat Entry Updated 2025-02-05

CVE-2024-12131 - Wp Job Portal Plugin

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit resumes for other applicants when applying for jobs.

PLUGIN Wp Job Portal

CVE-2024-12131

MEDIUM CVSS 4.3 2025-01-07
Threat Entry Updated 2025-01-07

CVE-2024-12711 - Rsvp And Event Management Plugin

The RSVP and Event Management plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions like bulk_delete_attendees() and bulk_delete_questions() in all versions up to, and including, 2.7.13. This makes it possible for unauthenticated attackers to delete questions and attendees and for authenticated users to update question menu orders.

PLUGIN Rsvp And Event Management

CVE-2024-12711

MEDIUM CVSS 5.3 2025-01-07
Threat Entry Updated 2025-01-22

CVE-2024-12316 - Jupiter X Core Plugin

The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_popup_action() function in all versions up to, and including, 4.8.5. This makes it possible for unauthenticated attackers to export popup templates.

PLUGIN Jupiter X Core

CVE-2024-12316

MEDIUM CVSS 5.3 2025-01-07
Threat Entry Updated 2025-01-07

CVE-2024-12532 - Bwd Elementor Addons Plugin

The BWD Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.18 in widgets/bwdeb-content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.

PLUGIN Bwd Elementor Addons

CVE-2024-12532

MEDIUM CVSS 4.3 2025-01-07
Threat Entry Updated 2025-09-30

CVE-2024-11826 - Quill Forms Plugin

The Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quillforms-popup' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Quill Forms

CVE-2024-11826

MEDIUM CVSS 6.4 2025-01-07
Threat Entry Updated 2025-01-22

CVE-2024-12033 - Jupiter X Core Plugin

The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sync_libraries() function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to sync libraries

PLUGIN Jupiter X Core

CVE-2024-12033

MEDIUM CVSS 4.3 2025-01-07
Threat Entry Updated 2025-01-07

CVE-2025-22349 - WordPress Auction Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection. This issue affects WordPress Auction Plugin: from n/a through 3.7.

PLUGIN WordPress Auction Plugin

CVE-2025-22349

HIGH CVSS 7.6 2025-01-07
Threat Entry Updated 2025-01-07

CVE-2025-22298 - Hive Support – WordPress Help Desk Plugin

Missing Authorization vulnerability in Hive Support Hive Support – WordPress Help Desk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hive Support – WordPress Help Desk: from n/a through 1.1.6.

PLUGIN Hive Support – WordPress Help Desk

CVE-2025-22298

MEDIUM CVSS 4.3 2025-01-07
Threat Entry Updated 2025-01-07

CVE-2024-12699 - Service Boxs Plugin

The Service Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Service Boxs

CVE-2024-12699

MEDIUM CVSS 6.4 2025-01-07