Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-13891 |
Description: The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
EPSS Score: 0.04%
March 13th, 2025 (about 1 month ago)
|
|
CVE-2024-13885 |
Description: The WP e-Customers Beta WordPress plugin through 0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
EPSS Score: 0.04%
March 13th, 2025 (about 1 month ago)
|
|
CVE-2024-13884 |
Description: The Limit Bio WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
EPSS Score: 0.04%
March 13th, 2025 (about 1 month ago)
|
|
Description:
Web App Scanning Plugin ID 114618 with Critical Severity
Synopsis
GiveWP Plugin for WordPress < 3.20.0 Remote Code Execution
Description
The WordPress GiveWP Plugin installed on the remote host is affected by a PHP object injection vulnerability.Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to GiveWP Plugin for WordPress 3.20.0 or latest.
Read more at https://www.tenable.com/plugins/was/114618
March 11th, 2025 (about 1 month ago)
|
|
|
Description:
Web App Scanning Plugin ID 114629 with Critical Severity
Synopsis
Newscrunch Plugin for WordPress < 1.8.4.1 Arbitrary File Upload
Description
The WordPress Newscrunch Plugin installed on the remote host is affected by an Arbitrary File Upload.Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Newscrunch 1.8.4.1 or later.
Read more at https://www.tenable.com/plugins/was/114629
March 11th, 2025 (about 1 month ago)
|
|
CVE-2025-0629 |
Description: The Coronavirus (COVID-19) Notice Message WordPress plugin through 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.03%
March 11th, 2025 (about 1 month ago)
|
|
CVE-2024-13864 |
Description: The Countdown Timer WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
EPSS Score: 0.04%
March 11th, 2025 (about 1 month ago)
|
|
CVE-2024-13862 |
Description: The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
EPSS Score: 0.04%
March 11th, 2025 (about 1 month ago)
|
|
CVE-2024-13853 |
Description: The SEO Tools WordPress plugin through 4.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
EPSS Score: 1.93%
March 11th, 2025 (about 1 month ago)
|
|
CVE-2024-13836 |
Description: The WP Login Control WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
EPSS Score: 0.04%
March 11th, 2025 (about 1 month ago)
|