Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-1621 |
Description: The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.03%
March 16th, 2025 (about 1 month ago)
|
|
CVE-2025-1620 |
Description: The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.03%
March 16th, 2025 (about 1 month ago)
|
|
CVE-2025-1619 |
Description: The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.03%
March 16th, 2025 (about 1 month ago)
|
|
CVE-2024-13602 |
Description: The Poll Maker WordPress plugin before 5.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.03%
March 16th, 2025 (about 1 month ago)
|
|
CVE-2024-13126 |
Description: The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web servers that don't use htaccess, allowing unauthorized access of files.
EPSS Score: 1.17%
March 16th, 2025 (about 1 month ago)
|
|
CVE-2024-3368 |
Description: The All in One SEO WordPress plugin before 4.6.1.1 does not validate and escape some of its Post fields before outputting them back, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
EPSS Score: 0.15% SSVC Exploitation: poc
March 14th, 2025 (about 1 month ago)
|
|
CVE-2024-6517 |
Description: The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users.
EPSS Score: 2.61% SSVC Exploitation: poc
March 14th, 2025 (about 1 month ago)
|
|
CVE-2024-6230 |
Description: The پلاگین پرداخت دلخواه WordPress plugin through 2.9.8 does not have CSRF check in place when resetting its form fields, which could allow attackers to make a logged in admin perform such action via a CSRF attack
EPSS Score: 0.13% SSVC Exploitation: none
March 14th, 2025 (about 1 month ago)
|
|
CVE-2024-5003 |
Description: The WP Stacker WordPress plugin through 1.8.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
EPSS Score: 0.08% SSVC Exploitation: poc
March 14th, 2025 (about 1 month ago)
|
|
CVE-2024-3939 |
Description: The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
EPSS Score: 0.25% SSVC Exploitation: none
March 14th, 2025 (about 1 month ago)
|