Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-13630	News List <= 1.0 - Reflected XSS Description: The NewsTicker WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.03% Source: CVE February 26th, 2025 (about 2 months ago)
CVE-2024-13629	Pushbiz <= 1.0 - Reflected XSS Description: The pushBIZ WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.03% Source: CVE February 26th, 2025 (about 2 months ago)
CVE-2024-13628	WP Pricing Table <= 1.1 - Reflected XSS Description: The WP Pricing Table WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.03% Source: CVE February 26th, 2025 (about 2 months ago)
CVE-2024-13624	WPMovieLibrary <= 2.1.4.8 - Reflected XSS Description: The WPMovieLibrary WordPress plugin through 2.1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 5.36% Source: CVE February 26th, 2025 (about 2 months ago)
CVE-2024-13571	Post Timeline < 2.3.10 - Reflected XSS Description: The Post Timeline WordPress plugin before 2.3.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 26th, 2025 (about 2 months ago)
CVE-2024-13113	Countdown Timer for Elementor < 1.3.7 - Contributor+ Stored XSS Description: The Countdown Timer for Elementor WordPress plugin before 1.3.7 does not sanitise and escape some parameters when outputting them on the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. EPSS Score: 0.03% Source: CVE February 26th, 2025 (about 2 months ago)
CVE-2024-12878	Custom Block Builder – Lazy Blocks < 3.8.3 - Reflected XSS Description: The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 26th, 2025 (about 2 months ago)
CVE-2024-12737	WP BASE Booking of Appointments, Services and Events < 5.0.0 - Reflected XSS Description: The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.03% Source: CVE February 26th, 2025 (about 2 months ago)
CVE-2024-10563	WooCommerce Cart Count Shortcode < 1.1.0 - Contributor+ XSS Description: The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. EPSS Score: 0.03% Source: CVE February 26th, 2025 (about 2 months ago)
CVE-2024-10483	SimplePress Forum < 6.10.11 - Reflected XSS Description: The Simple:Press Forum WordPress plugin before 6.10.11 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. EPSS Score: 0.04% Source: CVE February 26th, 2025 (about 2 months ago)