CVE-2025-1798 |
Description: The does not sanitise and escape some parameters when outputting them back in a page, allowing unauthenticated users the ability to perform stored Cross-Site Scripting attacks.
EPSS Score: 0.05%
March 25th, 2025 (2 months ago)
|
CVE-2025-1452 |
Description: The Favorites WordPress plugin before 2.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.03%
March 25th, 2025 (2 months ago)
|
CVE-2024-9770 |
Description: The WP-Recall WordPress plugin before 16.26.12 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.
EPSS Score: 0.02%
March 25th, 2025 (2 months ago)
|
CVE-2024-13863 |
Description: The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue which could be used against high privilege users such as admin.
EPSS Score: 0.03%
March 25th, 2025 (2 months ago)
|
CVE-2024-13618 |
Description: The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.
EPSS Score: 0.04%
March 25th, 2025 (2 months ago)
|
CVE-2024-13617 |
Description: The aoa-downloadable WordPress plugin through 0.1.0 doesn't validate a parameter in its download function, allowing unauthenticated attackers to download arbitrary files from the server.
EPSS Score: 0.07%
March 25th, 2025 (2 months ago)
|
CVE-2024-13123 |
Description: The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.03%
March 25th, 2025 (2 months ago)
|
CVE-2024-13122 |
Description: The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.03%
March 25th, 2025 (2 months ago)
|
CVE-2024-13118 |
Description: The IP Based Login WordPress plugin before 2.4.1 does not have CSRF checks in some places, which could allow attackers to make logged-in users delete all logs via a CSRF attack.
EPSS Score: 0.03%
March 25th, 2025 (2 months ago)
|
CVE-2024-12769 |
Description: The Simple Banner WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.03%
March 25th, 2025 (2 months ago)
|