CVE-2024-8082 |
Description: The Widgets Reset WordPress plugin through 0.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
May 15th, 2025 (24 days ago)
|
CVE-2024-8050 |
Description: The Custom Author Base WordPress plugin through 1.1.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
May 15th, 2025 (24 days ago)
|
CVE-2024-7984 |
Description: The Joy Of Text Lite WordPress plugin through 2.3.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
May 15th, 2025 (24 days ago)
|
CVE-2024-7769 |
Description: The ClickSold IDX WordPress plugin through 1.90 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: MEDIUM (4.8) EPSS Score: 0.01%
May 15th, 2025 (24 days ago)
|
CVE-2024-7761 |
Description: Testing of the Simple Job Board WordPress plugin before 2.12.2 found a vulnerability that allows Stored XSS to be carried out on behalf of the editor by embedding a malicious script, resulting in an account takeover backdoor.
CVSS: MEDIUM (6.1) EPSS Score: 0.01%
May 15th, 2025 (24 days ago)
|
CVE-2024-7759 |
Description: The PWA for WP WordPress plugin before 1.7.72 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: MEDIUM (4.8) EPSS Score: 0.03%
May 15th, 2025 (24 days ago)
|
CVE-2024-7556 |
Description: The Simple Share WordPress plugin through 0.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: MEDIUM (4.8) EPSS Score: 0.02%
May 15th, 2025 (24 days ago)
|
CVE-2024-6798 |
Description: The DL Verification WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: MEDIUM (4.8) EPSS Score: 0.02%
May 15th, 2025 (24 days ago)
|
CVE-2024-6718 |
Description: The PVN Auth Popup WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
May 15th, 2025 (24 days ago)
|
CVE-2024-6713 |
Description: The PVN Auth Popup WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: MEDIUM (4.8) EPSS Score: 0.02%
May 15th, 2025 (24 days ago)
|