Threat Database
CVE-2024-2472 - Latepoint Plugin
CRITICAL | CVSS 9.1 | 2024-06-14 | Entry updated 2025-02-20

The LatePoint plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to view other customers' cabinets, including PII such as email addresses, and to change their LatePoint user password, which may or may not be associated with a WordPress account.
CVE-2024-4863 - Gutenberg Blocks With Ai Plugin
MEDIUM | CVSS 6.4 | 2024-06-14 | Entry updated 2025-02-07

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleFont' parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-5994 - Wp Go Maps Plugin
MEDIUM | CVSS 6.4 | 2024-06-14 | Entry updated 2025-02-11

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers with contributor-level permissions and above, who have been explicitly granted permissions by an administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Version 9.0.39 adds a caution to make administrators aware of the possibility for abuse if permissions are granted to lower-level users.
CVE-2024-5551 - Wp Staging Plugin
HIGH | CVSS 7.5 | 2024-06-14 | Entry updated 2024-11-21

The WP STAGING Pro WordPress Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin - Backup Duplicator & Migration plugin. This makes it possible for unauthenticated attackers to include any local files that end in '-settings.php' via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
CVE-2024-5155 - Inquiry Cart Plugin
MEDIUM | CVSS 6.1 | 2024-06-14 | Entry updated 2025-06-06

The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF checks in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
CVE-2024-4480 - Prayer Plugin
MEDIUM | CVSS 6.1 | 2024-06-14 | Entry updated 2025-05-13

The WP Prayer II WordPress plugin through 2.4.7 does not have a CSRF check in place when updating its email settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
CVE-2024-4751 - Prayer Plugin
MEDIUM | CVSS 4.3 | 2024-06-14 | Entry updated 2025-07-11

The WP Prayer II WordPress plugin through 2.4.7 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
CVE-2024-4404 - Elementskit Plugin
HIGH | CVSS 8.5 | 2024-06-14 | Entry updated 2025-01-10

The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information from internal services.
CVE-2024-3966 - Pray For Me Plugin
MEDIUM | CVSS 6.1 | 2024-06-14 | Entry updated 2024-11-21

The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin.
CVE-2024-4270 - Svgmagic Plugin
MEDIUM | CVSS 5.4 | 2024-06-14 | Entry updated 2025-03-24

The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to upload SVG files containing malicious JavaScript to conduct Stored XSS attacks.
CVE-2024-3978 - Wordpress Jitsi Shortcode Plugin
MEDIUM | CVSS 5.4 | 2024-06-14 | Entry updated 2024-11-21

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2024-3965 - Pray For Me Plugin
MEDIUM | CVSS 5.4 | 2024-06-14 | Entry updated 2025-05-13

The Pray For Me WordPress plugin through 1.0.4 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
CVE-2024-4005 - Social Pixel Plugin
MEDIUM | CVSS 4.8 | 2024-06-14 | Entry updated 2025-03-13

The Social Pixel WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
CVE-2024-3992 - Amen Plugin
MEDIUM | CVSS 4.8 | 2024-06-14 | Entry updated 2025-03-25

The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
CVE-2024-3977 - Wordpress Jitsi Shortcode Plugin
MEDIUM | CVSS 4.8 | 2024-06-14 | Entry updated 2024-11-21

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
CVE-2024-4271 - Svgator Plugin
MEDIUM | CVSS 4.6 | 2024-06-14 | Entry updated 2025-05-13

The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to upload SVG files containing malicious JavaScript to conduct Stored XSS attacks.
CVE-2024-3993 - Azan Plugin
MEDIUM | CVSS 4.6 | 2024-06-14 | Entry updated 2025-05-13

The AZAN Plugin WordPress plugin through 0.6 does not have CSRF checks in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
CVE-2024-3972 - Similarity Plugin
MEDIUM | CVSS 4.3 | 2024-06-14 | Entry updated 2024-11-21

The Similarity WordPress plugin through 3.0 does not have CSRF checks in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
CVE-2024-3971 - Similarity Plugin
MEDIUM | CVSS 4.3 | 2024-06-14 | Entry updated 2025-03-13

The Similarity WordPress plugin through 3.0 does not have a CSRF check in place when resetting its settings, which could allow attackers to make a logged-in admin reset them via a CSRF attack.