CVE-2024-6708 |
Description: The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks.
CVSS: MEDIUM (4.8) EPSS Score: 0.03%
May 15th, 2025 (24 days ago)
|
CVE-2024-6690 |
Description: The wccp-pro WordPress plugin before 15.3 contains an open-redirect flaw via the referrer parameter, allowing redirection of users to external sites.
CVSS: MEDIUM (6.1) EPSS Score: 0.02%
May 15th, 2025 (24 days ago)
|
CVE-2024-6462 |
Description: The DL Yandex Metrika WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: MEDIUM (4.8) EPSS Score: 0.02%
May 15th, 2025 (24 days ago)
|
CVE-2024-6335 |
Description: The Tracking Code Manager WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: MEDIUM (4.8) EPSS Score: 0.02%
May 15th, 2025 (24 days ago)
|
CVE-2024-4665 |
Description: The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
May 15th, 2025 (24 days ago)
|
CVE-2024-4091 |
Description: The Responsive Gallery Grid WordPress plugin before 2.3.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
May 15th, 2025 (24 days ago)
|
CVE-2024-4004 |
Description: The Advanced Cron Manager WordPress plugin before 2.5.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
May 15th, 2025 (24 days ago)
|
CVE-2024-3901 |
Description: The Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts (like those with the contributor role) to conduct Stored XSS attacks.
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
May 15th, 2025 (24 days ago)
|
CVE-2024-3062 |
Description: The Save as Image Plugin by Pdfcrowd WordPress plugin before 3.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: MEDIUM (4.8) EPSS Score: 0.05%
May 15th, 2025 (24 days ago)
|
CVE-2024-2869 |
Description: The Easy Property Listings WordPress plugin before 3.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: MEDIUM (4.8) EPSS Score: 0.03%
May 15th, 2025 (24 days ago)
|