
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 15,036 | Critical: 923 | High: 3,047 | Medium: 10,866

Showing 7821-7840 of 15036 records
Threat Entry Updated 2024-10-30

CVE-2024-9061 - Wp Popup Builder Plugin

The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. NOTE: This vulnerability was partially fixed in version 1.3.5 with a nonce check, which effectively prevented access to the affected function. However, version…

PLUGIN Wp Popup Builder

CVE-2024-9061

HIGH CVSS 7.3 2024-10-16
Threat Entry Updated 2024-10-30

CVE-2024-9540 - Sina Extension For Elementor Plugin

The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data.

PLUGIN Sina Extension For Elementor

CVE-2024-9540

MEDIUM CVSS 4.3 2024-10-16
Threat Entry Updated 2024-10-30

CVE-2021-4452 - Google Language Translator Plugin

The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Specifically affects users with older browsers that lack proper URL encoding support.

PLUGIN Google Language Translator

CVE-2021-4452

HIGH CVSS 7.1 2024-10-16
Threat Entry Updated 2024-10-16

CVE-2023-7296 - Bigbluebutton Plugin

The BigBlueButton plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the moderator code and viewer code fields in versions up to, and including, 3.0.0-beta.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author privileges or higher to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Bigbluebutton

CVE-2023-7296

MEDIUM CVSS 6.4 2024-10-16
Threat Entry Updated 2024-10-16

CVE-2023-7295 - Video Grid Plugin

The Video Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Video Grid

CVE-2023-7295

MEDIUM CVSS 6.1 2024-10-16
Threat Entry Updated 2025-12-31

CVE-2024-9582 - Accordion Slider Plugin

The Accordion Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ attribute of an accordion slider in all versions up to, and including, 1.9.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Successful exploitation by Contributor-level users requires an Administrator-level user to provide access to the plugin's admin area via the `Access` plugin setting, which is…

PLUGIN Accordion Slider

CVE-2024-9582

MEDIUM CVSS 6.4 2024-10-16
Threat Entry Updated 2024-10-17

CVE-2024-8507 - File Manager Plugin

The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. This is due to missing or incorrect nonce validation on the 'mk_file_folder_manager' ajax action. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN File Manager

CVE-2024-8507

HIGH CVSS 8.8 2024-10-16
Threat Entry Updated 2024-10-17

CVE-2024-8746 - File Manager Plugin

The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mk_file_folder_manager_shortcode' ajax action in all versions up to, and including, 8.3.9. This makes it possible for unauthenticated attackers, if granted access to the File Manager by an administrator, to download and upload arbitrary backup files on the affected site's server which may make remote code execution possible.

PLUGIN File Manager

CVE-2024-8746

HIGH CVSS 7.5 2024-10-16
Threat Entry Updated 2024-10-17

CVE-2024-8918 - File Manager Plugin

The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. This is due to a lack of proper checks on allowed file types. This makes it possible for unauthenticated attackers, with permissions granted by an administrator, to upload .css and .js files, which could lead to Stored Cross-Site Scripting.

PLUGIN File Manager

CVE-2024-8918

HIGH CVSS 7.4 2024-10-16
Threat Entry Updated 2024-10-17

CVE-2023-7294 - Donations Plugin

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the create_mollie_profile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to create a Mollie payment profile.

PLUGIN Donations

CVE-2023-7294

HIGH CVSS 7.1 2024-10-16
Threat Entry Updated 2024-10-17

CVE-2023-7291 - Donations Plugin

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_mollie_account function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to set up a Mollie account.

PLUGIN Donations

CVE-2023-7291

HIGH CVSS 7.1 2024-10-16
Threat Entry Updated 2024-10-17

CVE-2023-7289 - Donations Plugin

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytium_sw_save_api_keys function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to change plugin API keys.

PLUGIN Donations

CVE-2023-7289

MEDIUM CVSS 5.4 2024-10-16
Threat Entry Updated 2024-10-17

CVE-2023-7293 - Donations Plugin

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_mollie_account_details function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to verify the existence of a Mollie account.

PLUGIN Donations

CVE-2023-7293

MEDIUM CVSS 4.3 2024-10-16
Threat Entry Updated 2024-10-17

CVE-2023-7292 - Donations Plugin

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytium_notice_dismiss function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to dismiss admin notices.

PLUGIN Donations

CVE-2023-7292

MEDIUM CVSS 4.3 2024-10-16
Threat Entry Updated 2024-10-17

CVE-2023-7290 - Donations Plugin

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_for_verified_profiles function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to check profile statuses.

PLUGIN Donations

CVE-2023-7290

MEDIUM CVSS 4.3 2024-10-16
Threat Entry Updated 2024-10-16

CVE-2023-7286 - ACF Quick Edit Fields Plugin

The ACF Quick Edit Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the edit_users capability to access metadata of other users; this includes contributor-level users and above.

PLUGIN ACF Quick Edit Fields

CVE-2023-7286

MEDIUM CVSS 6.5 2024-10-16
Threat Entry Updated 2024-10-17

CVE-2023-7288 - Donations Plugin

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_profile_preference function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to change plugin settings.

PLUGIN Donations

CVE-2023-7288

MEDIUM CVSS 5.4 2024-10-16
Threat Entry Updated 2024-10-17

CVE-2023-7287 - Donations Plugin

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized subscription cancellation due to a missing capability check on the pt_cancel_subscription function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to cancel a subscription to the plugin.

PLUGIN Donations

CVE-2023-7287

MEDIUM CVSS 5.4 2024-10-16
Threat Entry Updated 2026-04-08

CVE-2021-4449 - Zoomsounds Plugin

The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. CVE-2021-4457 is a duplicate of this.

PLUGIN Zoomsounds

CVE-2021-4449

CRITICAL CVSS 9.8 2024-10-16
Threat Entry Updated 2024-10-30

CVE-2021-4450 - Post Grid Plugin

The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

PLUGIN Post Grid

CVE-2021-4450

HIGH CVSS 8.8 2024-10-16