Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-03-13
CVE-2024-38345 - Sola Testimonials Plugin
A cross-site request forgery vulnerability exists in Sola Testimonials versions prior to 3.0.0. If this vulnerability is exploited, an attacker allows a user who logs in to the WordPress site where the affected plugin is enabled to access a malicious page. As a result, the user may perform unintended operations on the WordPress site.
PLUGIN
Sola Testimonials
CVE-2024-38345
Risk Score
Threat Entry
Updated 2024-12-06
CVE-2024-38344 - Wp Tweet Walls Plugin
A cross-site request forgery vulnerability exists in WP Tweet Walls versions prior to 1.0.4. If this vulnerability is exploited, an attacker allows a user who logs in to the WordPress site where the affected plugin is enabled to access a malicious page. As a result, the user may perform unintended operations on the WordPress site.
PLUGIN
Wp Tweet Walls
CVE-2024-38344
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-6340 - Premium Addons For Elementor Plugin
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 4.10.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Premium Addons For Elementor
CVE-2024-6340
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-6263 - Wp Lightbox 2 Plugin
The WP Lightbox 2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 3.0.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Wp Lightbox 2
CVE-2024-6263
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-4482 - Plus Addons For Elementor Plugin
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Countdown' widget in all versions up to, and including, 5.6.1 due to insufficient input sanitization and output escaping on user supplied 'text_days' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Plus Addons For Elementor
CVE-2024-4482
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-2376 - Wpqa Builder Plugin
The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
PLUGIN
Wpqa Builder
CVE-2024-2376
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-2375 - Wpqa Builder Plugin
The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
PLUGIN
Wpqa Builder
CVE-2024-2375
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-2234 - Before 2 Theme
The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks
THEME
Before 2
CVE-2024-2234
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-2235 - Before 2 Theme
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack
THEME
Before 2
CVE-2024-2235
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-2233 - Before 2 Theme
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group
THEME
Before 2
CVE-2024-2233
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-2040 - Before 2 Theme
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack
THEME
Before 2
CVE-2024-2040
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-4543 - Snippet Shortcodes Plugin
The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This is due to missing or incorrect nonce validation when adding or editing shortcodes. This makes it possible for unauthenticated attackers to modify shortcodes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Snippet Shortcodes
CVE-2024-4543
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-6264 - Post Meta Data Manager Plugin
The Post Meta Data Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘$meta_key’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Post Meta Data Manager
CVE-2024-6264
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-4268 - Ultimate Blocks Plugin
The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Ultimate Blocks
CVE-2024-4268
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-6099 - Learnpress Plugin
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. This is due to missing checks in the 'check_validate_fields' function in the checkout. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled.
PLUGIN
Learnpress
CVE-2024-6099
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-6088 - Learnpress Plugin
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability check on the 'register' function in all versions up to, and including, 4.2.6.8.1. This makes it possible for unauthenticated attackers to bypass disabled user registration to create a new account with the default role.
PLUGIN
Learnpress
CVE-2024-6088
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-6011 - Cost Calculator Builder Plugin
The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textarea.description’ parameter in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Cost Calculator Builder
CVE-2024-6011
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-6012 - Cost Calculator Builder Plugin
The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'embed-create-page' and 'embed-insert-pages' functions in all versions up to, and including, 3.2.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary posts and append arbitrary content to existing posts.
PLUGIN
Cost Calculator Builder
CVE-2024-6012
Risk Score
Threat Entry
Updated 2025-07-11
CVE-2024-5260 - Sina Extension For Elementor Plugin
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘read_more_text’ parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Sina Extension For Elementor
CVE-2024-5260
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-5545 - Motors Car Dealer Classifieds Listing Plugin
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to unpublish arbitrary posts and pages.
PLUGIN
Motors Car Dealer Classifieds Listing
CVE-2024-5545
Risk Score