Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2024-11-21
CVE-2024-2661 - Barcode Scanner Lite Pos To Manage Products Inventory And Orders Plugin
The Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader. plugin for WordPress is vulnerable to blind SQL Injection via the ‘currentIds’ parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the…
PLUGIN
Barcode Scanner Lite Pos To Manage Products Inventory And Orders
CVE-2024-2661
Risk Score
Threat Entry
Updated 2025-01-21
CVE-2024-2751 - Exclusive Addons For Elementor Plugin
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘exad_infobox_animating_mask_style’ parameter in all versions up to, and including, 2.6.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Exclusive Addons For Elementor
CVE-2024-2751
Risk Score
Threat Entry
Updated 2025-01-21
CVE-2024-2750 - Exclusive Addons For Elementor Plugin
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of the Button widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Exclusive Addons For Elementor
CVE-2024-2750
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-2542 - Securely Embed Contact Forms Plugin
The Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-32527 is likely a duplicate of this issue.
PLUGIN
Securely Embed Contact Forms
CVE-2024-2542
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-2417 - And User Profile Plugin
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the form_save_action() function in all versions up to, and including, 3.1.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the registration form and make the default registration role administrator. This subsequently allows the attacker to register an account as an administrator on the site.
PLUGIN
And User Profile
CVE-2024-2417
Risk Score
Threat Entry
Updated 2025-01-24
CVE-2024-2503 - Exclusive Addons For Elementor Plugin
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid Widget in all versions up to, and including, 2.6.9.2 due to insufficient input sanitization and output escaping on user supplied tags. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-32557 is likely a duplicate of this issue.
PLUGIN
Exclusive Addons For Elementor
CVE-2024-2503
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-2349 - Fancy Elementor Flipbox Plugin
The Fancy Elementor Flipbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Fancy Elementor Flipbox widget in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Fancy Elementor Flipbox
CVE-2024-2349
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-2401 - Admin Page Spider Plugin
The Admin Page Spider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
PLUGIN
Admin Page Spider
CVE-2024-2401
Risk Score
Threat Entry
Updated 2025-04-23
CVE-2024-2345 - Filebird Plugin
The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the folder name parameter in all versions up to, and including, 5.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Filebird
CVE-2024-2345
Risk Score
Threat Entry
Updated 2025-05-06
CVE-2024-2328 - Real Media Library Plugin
The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image title and alt text in all versions up to, and including, 4.22.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Real Media Library
CVE-2024-2328
Risk Score
Threat Entry
Updated 2025-02-07
CVE-2024-2273 - Gutenberg Blocks With Ai Plugin
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.2.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Gutenberg Blocks With Ai
CVE-2024-2273
Risk Score
Threat Entry
Updated 2025-04-23
CVE-2024-2346 - Filebird Plugin
The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.3 via folder deletion due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author access or higher, to delete folders created by other users and make their file uploads visible.
PLUGIN
Filebird
CVE-2024-2346
Risk Score
Threat Entry
Updated 2025-03-13
CVE-2024-2324 - Fileorganizer Plugin
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. For the free version, this is limited to administrators. The pro version is also vulnerable and exploitable by administrators, but also offers the functionality to lower level users (as…
PLUGIN
Fileorganizer
CVE-2024-2324
Risk Score
Threat Entry
Updated 2025-03-21
CVE-2024-2082 - Eleforms Plugin
The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.9.9.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Eleforms
CVE-2024-2082
Risk Score
Threat Entry
Updated 2025-01-28
CVE-2024-2085 - Ht Mega Plugin
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' value in several widgets all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Ht Mega
CVE-2024-2085
Risk Score
Threat Entry
Updated 2025-01-28
CVE-2024-2084 - Ht Mega Plugin
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox widget in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Ht Mega
CVE-2024-2084
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-2109 - Booster Extension Plugin
The Booster Extension plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.0 via the 'booster_extension_authorbox_shortcode_display' function. This makes it possible for unauthenticated attackers to extract sensitive data including user emails
PLUGIN
Booster Extension
CVE-2024-2109
Risk Score
Threat Entry
Updated 2025-03-21
CVE-2024-2043 - Eleforms Plugin
The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when downloading form submissions in all versions up to, and including, 2.9.9.7. This makes it possible for unauthenticated attackers to view form submissions.
PLUGIN
Eleforms
CVE-2024-2043
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-1897 - New Grid Gallery Plugin
The Grid Gallery – Photo Image Grid Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization via shortcode of untrusted input from the awl_gg_settings_ meta value. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve…
PLUGIN
New Grid Gallery
CVE-2024-1897
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-1896 - New Photo Gallery Plugin
The Photo Gallery – Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Team Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.1 via deserialization via shortcode of untrusted input from the 'awl_lg_settings_' attribute. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow…
PLUGIN
New Photo Gallery
CVE-2024-1896
Risk Score