Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2024-09-26
CVE-2024-8622 - Amcharts Charts And Maps Plugin
The amCharts: Charts and Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'amcharts_javascript' parameter in all versions up to, and including, 1.4.4 due to the ability to supply arbitrary JavaScript a lack of nonce validation on the preview functionality. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
PLUGIN
Amcharts Charts And Maps
CVE-2024-8622
Risk Score
Threat Entry
Updated 2024-09-13
CVE-2024-8529 - Learnpress Plugin
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
PLUGIN
Learnpress
CVE-2024-8529
Risk Score
Threat Entry
Updated 2024-09-13
CVE-2024-8522 - Learnpress Plugin
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
PLUGIN
Learnpress
CVE-2024-8522
Risk Score
Threat Entry
Updated 2024-09-30
CVE-2024-7862 - Blogintroduction Plugin
The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Blogintroduction
CVE-2024-7862
Risk Score
Threat Entry
Updated 2024-09-27
CVE-2024-8056 - Mm Breaking News Plugin
The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
PLUGIN
Mm Breaking News
CVE-2024-8056
Risk Score
Threat Entry
Updated 2024-09-27
CVE-2024-8054 - Mm Breaking News Plugin
The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
PLUGIN
Mm Breaking News
CVE-2024-8054
Risk Score
Threat Entry
Updated 2024-09-26
CVE-2024-7766 - Adicon Server Plugin
The Adicon Server WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
PLUGIN
Adicon Server
CVE-2024-7766
Risk Score
Threat Entry
Updated 2026-01-23
CVE-2024-7859 - Visual Sound Plugin
The Visual Sound WordPress plugin through 1.03 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Visual Sound
CVE-2024-7859
Risk Score
Threat Entry
Updated 2024-09-27
CVE-2024-7820 - Ilc Thickbox Plugin
The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Ilc Thickbox
CVE-2024-7820
Risk Score
Threat Entry
Updated 2024-09-27
CVE-2024-7817 - Misiek Photo Album Plugin
The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack
PLUGIN
Misiek Photo Album
CVE-2024-7817
Risk Score
Threat Entry
Updated 2024-09-27
CVE-2024-7861 - Misiek Paypal Plugin
The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
PLUGIN
Misiek Paypal
CVE-2024-7861
Risk Score
Threat Entry
Updated 2024-09-27
CVE-2024-7860 - Simple Headline Rotator Plugin
The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
PLUGIN
Simple Headline Rotator
CVE-2024-7860
Risk Score
Threat Entry
Updated 2024-09-27
CVE-2024-7822 - Quick Code Plugin
The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
PLUGIN
Quick Code
CVE-2024-7822
Risk Score
Threat Entry
Updated 2024-09-27
CVE-2024-7818 - Misiek Photo Album Plugin
The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
PLUGIN
Misiek Photo Album
CVE-2024-7818
Risk Score
Threat Entry
Updated 2024-09-26
CVE-2024-7816 - Gixaw Chat Plugin
The Gixaw Chat WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
PLUGIN
Gixaw Chat
CVE-2024-7816
Risk Score
Threat Entry
Updated 2024-09-13
CVE-2024-6019 - Music Request Manager Plugin
The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators
PLUGIN
Music Request Manager
CVE-2024-6019
Risk Score
Threat Entry
Updated 2024-09-26
CVE-2024-6887 - Giveaways And Contests By Rafflepress Plugin
The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Giveaways And Contests By Rafflepress
CVE-2024-6887
Risk Score
Threat Entry
Updated 2024-09-13
CVE-2024-6018 - Music Request Manager Plugin
The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
PLUGIN
Music Request Manager
CVE-2024-6018
Risk Score
Threat Entry
Updated 2024-09-13
CVE-2024-6017 - Music Request Manager Plugin
The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
PLUGIN
Music Request Manager
CVE-2024-6017
Risk Score
Threat Entry
Updated 2024-09-26
CVE-2024-5799 - Cm Pop Up Banners For Plugin
The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks.
PLUGIN
Cm Pop Up Banners For
CVE-2024-5799
Risk Score