CVE-2025-2563
Description: The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users from setting their own account role when the Membership Addon is enabled, leading to a privilege escalation issue that allows unauthenticated users to gain admin privileges.
EPSS Score: 11.4%
April 14th, 2025 (5 days ago)
CVE-2024-9230
Description: The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow users with the Author role and above to perform Stored Cross-Site Scripting attacks.
EPSS Score: 0.03%
April 14th, 2025 (5 days ago)
Description: If you are a Patchstack customer, you are protected from this vulnerability already, and no further action is required from you. Vulnerability Information: On April 10, 2025, a critical vulnerability in the WordPress plugin SureTriggers (version 1.0.78 and below) was identified and published. This flaw allows unauthenticated attackers to create administrative user accounts on vulnerable […]
The post Critical SureTriggers Plugin Vulnerability Exploited within 4 hours appeared first on Patchstack.
April 10th, 2025 (9 days ago)
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description: Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. [...]
April 10th, 2025 (9 days ago)
CVE-2024-13896
Description: The WP-GeSHi-Highlight — rock-solid syntax highlighting for 259 languages WordPress plugin through 1.4.3 processes user-supplied input as a regular expression via the wp_geshi_filter_replace_code() function, which could lead to a Regular Expression Denial of Service (ReDoS) issue.
EPSS Score: 0.04%
April 10th, 2025 (9 days ago)
CVE-2024-13874
Description: The Feedify WordPress plugin before 2.4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admins.
EPSS Score: 0.03%
April 10th, 2025 (9 days ago)
CVE-2024-8243
Description: The WordPress/Plugin Upgrade Time Out Plugin WordPress plugin through 1.0 does not have CSRF checks in some places and is missing sanitisation and escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
EPSS Score: 0.03%
April 9th, 2025 (10 days ago)
CVE-2024-6860
Description: The WP MultiTasking WordPress plugin through 0.1.12 does not have a CSRF check when updating its permalink suffix settings, which could allow attackers to make logged-in admins perform that action via a CSRF attack.
EPSS Score: 0.03%
April 9th, 2025 (10 days ago)
CVE-2024-6857
Description: The WP MultiTasking WordPress plugin through 0.1.12 does not have a CSRF check when updating its Header, Footer and Body Script Settings, which could allow attackers to make logged-in admins perform that action via a CSRF attack.
EPSS Score: 0.03%
April 9th, 2025 (10 days ago)
Description: WordPress User Registration & Membership Plugin 4.1.1 - Unauthenticated Privilege Escalation
April 8th, 2025 (11 days ago)