CVE-2024-7556 |
Description: The Simple Share WordPress plugin through 0.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: MEDIUM (4.8) EPSS Score: 0.02%
May 15th, 2025 (about 1 month ago)
|
CVE-2024-6798 |
Description: The DL Verification WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: MEDIUM (4.8) EPSS Score: 0.02%
May 15th, 2025 (about 1 month ago)
|
CVE-2024-6718 |
Description: The PVN Auth Popup WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
May 15th, 2025 (about 1 month ago)
|
CVE-2024-6713 |
Description: The PVN Auth Popup WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: MEDIUM (4.8) EPSS Score: 0.02%
May 15th, 2025 (about 1 month ago)
|
CVE-2024-6708 |
Description: The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks.
CVSS: MEDIUM (4.8) EPSS Score: 0.03%
May 15th, 2025 (about 1 month ago)
|
CVE-2024-6690 |
Description: The wccp-pro WordPress plugin before 15.3 contains an open-redirect flaw via the referrer parameter, allowing redirection of users to external sites.
CVSS: MEDIUM (6.1) EPSS Score: 0.02%
May 15th, 2025 (about 1 month ago)
|
CVE-2024-6462 |
Description: The DL Yandex Metrika WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: MEDIUM (4.8) EPSS Score: 0.02%
May 15th, 2025 (about 1 month ago)
|
CVE-2024-6335 |
Description: The Tracking Code Manager WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: MEDIUM (4.8) EPSS Score: 0.02%
May 15th, 2025 (about 1 month ago)
|
CVE-2024-4665 |
Description: The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
May 15th, 2025 (about 1 month ago)
|
CVE-2024-4091 |
Description: The Responsive Gallery Grid WordPress plugin before 2.3.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
May 15th, 2025 (about 1 month ago)
|