
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 15,036 | Critical: 923 | High: 3,047 | Medium: 10,866
Showing 7401-7420 of 15036 records
Threat Entry Updated 2024-11-26

CVE-2024-9653 - Restaurant Menu Food Ordering System Table Reservation Plugin

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Restaurant Menu Food Ordering System Table Reservation

CVE-2024-9653

MEDIUM CVSS 6.1 2024-11-20
Threat Entry Updated 2025-03-31

CVE-2024-10515 - In The Process Of Testing The Seo Plugin By Squirrly Seo

In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows an attacker to perform Stored XSS on behalf of an editor by embedding a malicious script, which can lead to account takeover via a backdoor.

PLUGIN In The Process Of Testing The Seo Plugin By Squirrly Seo

CVE-2024-10515

LOW CVSS 3.5 2024-11-20
Threat Entry Updated 2024-11-21

CVE-2024-11278 - Gd Bbpress Attachments Plugin

The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Gd Bbpress Attachments

CVE-2024-11278

MEDIUM CVSS 6.1 2024-11-20
Threat Entry Updated 2024-11-25

CVE-2024-11400 - Woocommerce Products Filter Plugin

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the really_curr_tax parameter in all versions up to, and including, 1.3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Woocommerce Products Filter

CVE-2024-11400

MEDIUM CVSS 6.1 2024-11-19
Threat Entry Updated 2024-11-19

CVE-2024-51807 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Black and White Digital Ltd AgendaPress – Easily Publish Meeting Agendas and Programs on WordPress allows Stored XSS. This issue affects AgendaPress – Easily Publish Meeting Agendas and Programs on WordPress: from n/a through 1.0.8.

CORE WordPress Core

CVE-2024-51807

MEDIUM CVSS 6.5 2024-11-19
Threat Entry Updated 2024-11-19

CVE-2024-51634 - WordPress Core

Cross-Site Request Forgery (CSRF) vulnerability in Webriti WordPress Themes & Plugins Shop Webriti Custom Login allows Reflected XSS. This issue affects Webriti Custom Login: from n/a through 0.3.

CORE WordPress Core

CVE-2024-51634

HIGH CVSS 7.1 2024-11-19
Threat Entry Updated 2024-11-19

CVE-2024-50541 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Enea Overclokk Advanced Control Manager for WordPress by ItalyStrap allows Stored XSS. This issue affects Advanced Control Manager for WordPress by ItalyStrap: from n/a through 2.16.0.

CORE WordPress Core

CVE-2024-50541

MEDIUM CVSS 6.5 2024-11-19
Threat Entry Updated 2024-11-19

CVE-2024-9830 - Bard Theme

The Bard theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.216. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

THEME Bard

CVE-2024-9830

MEDIUM CVSS 6.1 2024-11-19
Threat Entry Updated 2024-11-19

CVE-2024-11224 - Parallax Image Plugin

The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘position’ parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Parallax Image

CVE-2024-11224

MEDIUM CVSS 6.4 2024-11-19
Threat Entry Updated 2024-11-19

CVE-2024-11198 - Gd Rating System Plugin

The GD Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘extra_class’ parameter in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Gd Rating System

CVE-2024-11198

MEDIUM CVSS 6.4 2024-11-19
Threat Entry Updated 2024-11-29

CVE-2024-9777 - Ashe Plugin

The Ashe theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.243. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Ashe

CVE-2024-9777

MEDIUM CVSS 6.1 2024-11-19
Threat Entry Updated 2024-11-19

CVE-2024-11194 - Business Directory Plugin

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and including, 3.1.15.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited arbitrary options on the WordPress site. This can be leveraged to update the Subscriber role with Administrator-level capabilities to gain administrative user access to a vulnerable site. The vulnerability is limited in…

PLUGIN Business Directory

CVE-2024-11194

HIGH CVSS 8.8 2024-11-19
Threat Entry Updated 2025-07-09

CVE-2024-11038 - Wpb Popup For Contact Form 7 Plugin

The WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7 Popup plugin for WordPress is vulnerable to arbitrary shortcode execution via the wpb_pcf_fire_contact_form AJAX action in all versions up to, and including, 1.7.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

PLUGIN Wpb Popup For Contact Form 7

CVE-2024-11038

HIGH CVSS 7.3 2024-11-19
Threat Entry Updated 2025-07-09

CVE-2024-11195 - Email Subscription Popup Plugin

The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's print_email_subscribe_form shortcode in all versions up to, and including, 1.2.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Email Subscription Popup

CVE-2024-11195

MEDIUM CVSS 6.4 2024-11-19
Threat Entry Updated 2025-02-04

CVE-2024-11036 - Gamipress Plugin

The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_get_user_earnings AJAX action in all versions up to, and including, 7.1.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

PLUGIN Gamipress

CVE-2024-11036

HIGH CVSS 7.3 2024-11-19
Threat Entry Updated 2025-01-23

CVE-2024-10388 - Wordpress Gdpr Plugin

The WordPress GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdpr_firstname' and 'gdpr_lastname' parameters in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Wordpress Gdpr

CVE-2024-10388

HIGH CVSS 7.2 2024-11-19
Threat Entry Updated 2025-01-23

CVE-2024-11069 - Wordpress Gdpr Plugin

The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPress_GDPR_Data_Delete::check_action' function in all versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to delete arbitrary users.

PLUGIN Wordpress Gdpr

CVE-2024-11069

MEDIUM CVSS 6.5 2024-11-19
Threat Entry Updated 2024-11-19

CVE-2024-11098 - Svg Block Plugin

The SVG Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

PLUGIN Svg Block

CVE-2024-11098

MEDIUM CVSS 5.5 2024-11-19
Threat Entry Updated 2025-01-17

CVE-2024-10268 - Mp3 Audio Player For Music Radio Podcast Plugin

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Mp3 Audio Player For Music Radio Podcast

CVE-2024-10268

MEDIUM CVSS 6.4 2024-11-19
Threat Entry Updated 2025-06-12

CVE-2024-10103 - In The Process Of Testing The Mailpoet Plugin

In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows an attacker to perform Stored XSS on behalf of an editor by embedding a malicious script, which can lead to account takeover via a backdoor.

PLUGIN In The Process Of Testing The Mailpoet

CVE-2024-10103

MEDIUM CVSS 6.1 2024-11-19