CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-13221	Fantastic Elasticsearch <= 4.1.0 - Reflected XSS Description: The Fantastic ElasticSearch WordPress plugin through 4.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2024-13220	Google Map Professional <= 1.0 - Reflected XSS Description: The WordPress Google Map Professional (Map In Your Language) WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2024-13219	Policy Genius <= 2.0.4 - Reflected XSS Description: The Privacy Policy Genius WordPress plugin through 2.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2024-13218	Fast Tube <= 2.3.1 - Reflected XSS Description: The Fast Tube WordPress plugin through 2.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2024-13112	WP MediaTagger <= 4.1.1 - Reflected XSS Description: The WP MediaTagger WordPress plugin through 4.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2024-13101	WP MediaTagger <= 4.1.1 - Contributor+ Stored XSS Description: The WP MediaTagger WordPress plugin through 4.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2024-13100	Woo UPS Pickup <= 2.6.3 - Reflected XSS Description: The OPSI Israel Domestic Shipments WordPress plugin through 2.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2024-12872	Zalomení <= 1.5 - Admin+ Stored XSS Description: The Zalomení WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2024-12772	Ninja Tables < 5.0.17 - Admin+ Stored XSS Description: The Ninja Tables WordPress plugin before 5.0.17 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, leading to a Cross Site Scripting vulnerability. EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2024-12275	CanvasFlow <= 1.5.5 - Reflected XSS Description: The Canvasflow for WordPress plugin through 1.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)