Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2024-10-22
CVE-2024-9452 - Branding Plugin
The Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
PLUGIN
Branding
CVE-2024-9452
Risk Score
Threat Entry
Updated 2024-10-22
CVE-2024-9383 - Parcel Pro Plugin
The Parcel Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
PLUGIN
Parcel Pro
CVE-2024-9383
Risk Score
Threat Entry
Updated 2024-10-22
CVE-2024-9382 - Gantry Plugin
The Gantry 4 Framework plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'override_id' parameter in all versions up to, and including, 4.1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
PLUGIN
Gantry
CVE-2024-9382
Risk Score
Threat Entry
Updated 2024-10-22
CVE-2024-9373 - Elemenda Plugin
The Elemenda plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
PLUGIN
Elemenda
CVE-2024-9373
Risk Score
Threat Entry
Updated 2024-10-22
CVE-2024-9366 - Easy Menu Manager Plugin
The Easy Menu Manager | WPZest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
PLUGIN
Easy Menu Manager
CVE-2024-9366
Risk Score
Threat Entry
Updated 2024-10-29
CVE-2024-9350 - Woo Shipping Dpd Baltic Plugin
The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_value' parameter in all versions up to, and including, 1.2.83 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
PLUGIN
Woo Shipping Dpd Baltic
CVE-2024-9350
Risk Score
Threat Entry
Updated 2024-10-22
CVE-2024-9364 - Sendgrid Plugin
The SendGrid for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wp_mailplus_clear_logs' function in all versions up to, and including, 1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's log files.
PLUGIN
Sendgrid
CVE-2024-9364
Risk Score
Threat Entry
Updated 2024-11-01
CVE-2024-9361 - Bulk Images Optimizer Plugin
The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_configuration' function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options.
PLUGIN
Bulk Images Optimizer
CVE-2024-9361
Risk Score
Threat Entry
Updated 2024-10-29
CVE-2024-8916 - Suki Sites Import Plugin
The Suki Sites Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
PLUGIN
Suki Sites Import
CVE-2024-8916
Risk Score
Threat Entry
Updated 2024-10-29
CVE-2024-8790 - Social Share With Floating Bar Plugin
The Social Share With Floating Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
PLUGIN
Social Share With Floating Bar
CVE-2024-8790
Risk Score
Threat Entry
Updated 2024-10-29
CVE-2024-8740 - Getresponse Forms Plugin
The GetResponse Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
PLUGIN
Getresponse Forms
CVE-2024-8740
Risk Score
Threat Entry
Updated 2024-10-29
CVE-2024-10049 - Woo Edit Templates Plugin
The Edit WooCommerce Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
PLUGIN
Woo Edit Templates
CVE-2024-10049
Risk Score
Threat Entry
Updated 2024-11-01
CVE-2024-10040 - Infinite Scroll Plugin
The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the process_ajax_edit and process_ajax_delete function. This makes it possible for unauthenticated attackers to make changes to plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Infinite Scroll
CVE-2024-10040
Risk Score
Threat Entry
Updated 2024-10-29
CVE-2024-10014 - Flat Ui Button Plugin
The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Flat Ui Button
CVE-2024-10014
Risk Score
Threat Entry
Updated 2024-10-18
CVE-2024-49302 - WordPress Core
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Portfoliohub WordPress Portfolio Builder – Portfolio Gallery allows Stored XSS.This issue affects WordPress Portfolio Builder – Portfolio Gallery: from n/a through 1.1.7.
CORE
WordPress Core
CVE-2024-49302
Risk Score
Threat Entry
Updated 2024-10-18
CVE-2024-49322 - WordPress Core
Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress allows Privilege Escalation.This issue affects Job Board Manager for WordPress: from n/a through 1.0.
CORE
WordPress Core
CVE-2024-49322
Risk Score
Threat Entry
Updated 2025-12-12
CVE-2024-9898 - Parallax Image Plugin
The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dd-parallax shortcode in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Parallax Image
CVE-2024-9898
Risk Score
Threat Entry
Updated 2024-10-18
CVE-2024-9184 - Sendpulse Free Web Push Plugin
The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Sendpulse Free Web Push
CVE-2024-9184
Risk Score
Threat Entry
Updated 2024-10-18
CVE-2024-8920 - Custom Web Fonts Manager Plugin
The Fonto – Custom Web Fonts Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
PLUGIN
Custom Web Fonts Manager
CVE-2024-8920
Risk Score
Threat Entry
Updated 2024-10-18
CVE-2024-9951 - Wp Photo Album Plus Plugin
The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wppa-tab' parameter in all versions up to, and including, 8.8.05.003 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
PLUGIN
Wp Photo Album Plus
CVE-2024-9951
Risk Score