"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 15,036
Critical: 923
High: 3,047
Medium: 10,866
Showing 9281-9300 of 15036 records
Threat Entry Updated 2024-11-21

CVE-2024-2368 - Mollie Forms Plugin

The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm() function. This makes it possible for unauthenticated attackers to duplicate forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Mollie Forms

CVE-2024-2368

MEDIUM CVSS 4.3 2024-06-05
Threat Entry Updated 2024-11-21

CVE-2024-4295 - Email Subscribers Newsletters Plugin

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

PLUGIN Email Subscribers Newsletters

CVE-2024-4295

CRITICAL CVSS 9.8 2024-06-05
Threat Entry Updated 2025-01-16

CVE-2024-3667 - Brizy Plugin

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' field of multiple widgets in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Brizy

CVE-2024-3667

HIGH CVSS 7.4 2024-06-05
Threat Entry Updated 2025-01-16

CVE-2024-2087 - Brizy Plugin

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form name values in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Brizy

CVE-2024-2087

HIGH CVSS 7.2 2024-06-05
Threat Entry Updated 2025-01-16

CVE-2024-1940 - Brizy Plugin

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post content in all versions up to, and including, 2.4.41 due to insufficient input sanitization performed only on the client side and insufficient output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Brizy

CVE-2024-1940

HIGH CVSS 7.1 2024-06-05
Threat Entry Updated 2025-01-16

CVE-2024-1161 - Brizy Plugin

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes for blocks in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Brizy

CVE-2024-1161

MEDIUM CVSS 6.4 2024-06-05
Threat Entry Updated 2024-11-21

CVE-2024-5149 - Buddyforms Plugin

The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.

PLUGIN Buddyforms

CVE-2024-5149

MEDIUM CVSS 6.5 2024-06-05
Threat Entry Updated 2024-11-21

CVE-2024-5483 - Learnpress Plugin

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to an incorrect implementation of the get_items_permissions_check function. This makes it possible for unauthenticated attackers to extract basic information about website users, including their emails.

PLUGIN Learnpress

CVE-2024-5483

MEDIUM CVSS 5.3 2024-06-05
Threat Entry Updated 2024-11-21

CVE-2024-5317 - Newsletter Plugin

The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'np1' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Newsletter

CVE-2024-5317

MEDIUM CVSS 6.4 2024-06-05
Threat Entry Updated 2026-03-03

CVE-2024-0756 - Insert Or Embed Articulate Content Plugin

The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page.

PLUGIN Insert Or Embed Articulate Content

CVE-2024-0756

MEDIUM CVSS 5.4 2024-06-04
Threat Entry Updated 2024-11-21

CVE-2023-49852 - Responsive Slick Slider WordPress Plugin

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vsourz Digital Responsive Slick Slider WordPress allows Code Injection. This issue affects Responsive Slick Slider WordPress: from n/a through 1.4.

PLUGIN Responsive Slick Slider WordPress

CVE-2023-49852

MEDIUM CVSS 6.5 2024-06-04
Threat Entry Updated 2025-01-27

CVE-2024-4637 - Slider Revolution Plugin

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping on the user supplied Elementor 'wrapperid' and 'zindex' display attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Slider Revolution

CVE-2024-4637

MEDIUM CVSS 6.4 2024-06-04
Threat Entry Updated 2025-01-27

CVE-2024-4581 - Slider Revolution Plugin

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Add Layer widget in all versions up to, and including, 6.7.11 due to insufficient input sanitization and output escaping on the user supplied 'class', 'id', and 'title' attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Successful exploitation of this vulnerability requires an Administrator to give Slider Creation privileges to Author-level users.

PLUGIN Slider Revolution

CVE-2024-4581

MEDIUM CVSS 6.4 2024-06-04
Threat Entry Updated 2024-11-21

CVE-2024-5485 - Suretriggers Plugin

The SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Trigger Link shortcode in all versions up to, and including, 1.0.47 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Suretriggers

CVE-2024-5485

MEDIUM CVSS 6.4 2024-06-04
Threat Entry Updated 2025-06-30

CVE-2023-34001 - Hide My Wp Ghost Plugin

Improper Restriction of Excessive Authentication Attempts vulnerability in WPPlugins – WordPress Security Plugins Hide My WP Ghost allows Functionality Bypass. This issue affects Hide My WP Ghost: from n/a through 5.0.25.

PLUGIN Hide My Wp Ghost

CVE-2023-34001

MEDIUM CVSS 5.3 2024-06-04
Threat Entry Updated 2025-05-06

CVE-2024-4856 - Fs Product Inquiry Plugin

The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin or unauthenticated users.

PLUGIN Fs Product Inquiry

CVE-2024-4856

HIGH CVSS 8.2 2024-06-04
Threat Entry Updated 2025-05-06

CVE-2024-4857 - Fs Product Inquiry Plugin

The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape some form submissions, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks.

PLUGIN Fs Product Inquiry

CVE-2024-4857

MEDIUM CVSS 6.1 2024-06-04
Threat Entry Updated 2024-11-21

CVE-2024-4997 - Wpupper Share Buttons Plugin

The WPUpper Share Buttons plugin for WordPress is vulnerable to unauthorized access of data when preparing sharing links for posts and pages in all versions up to, and including, 3.43. This makes it possible for unauthenticated attackers to obtain the contents of password protected posts and pages.

PLUGIN Wpupper Share Buttons

CVE-2024-4997

MEDIUM CVSS 5.3 2024-06-04
Threat Entry Updated 2025-06-17

CVE-2024-4749 - wp-eMember Plugin

The wp-eMember WordPress plugin before 10.3.9 does not sanitize and escape the "fieldId" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.

PLUGIN wp-eMember

CVE-2024-4749

HIGH CVSS 8.3 2024-06-04
Threat Entry Updated 2025-01-30

CVE-2024-4697 - Cowidgets Elementor Addons Plugin

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Cowidgets Elementor Addons

CVE-2024-4697

MEDIUM CVSS 6.4 2024-06-04