Threat and Vulnerability Intelligence Database


CVE-2024-13208

Description: The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS Score: 0.04%

Source: CVE
February 16th, 2025 (2 months ago)

CVE-2025-0692

Description: The Simple Video Management System WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (2 months ago)

CVE-2024-13125

Description: The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (2 months ago)

CVE-2024-13121

Description: The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (2 months ago)

CVE-2024-13120

Description: The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (2 months ago)

CVE-2024-13119

Description: The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (2 months ago)

Description: A Threat Actor Claims to be Selling WordPress Admin Access to an Unidentified Healthcare Company in the UK
Source: DarkWebInformer
February 13th, 2025 (2 months ago)

Description: Musk told reporters all of DOGE's actions are "maximally transparent." The website tracking waste is currently about an imaginary architecture firm.
Source: 404 Media
February 12th, 2025 (2 months ago)

Description: Web App Scanning Plugin ID 114591 with Medium Severity. Synopsis: GSheetConnector for Forminator Forms for WordPress Cross-Site Scripting. Description: The WordPress GSheetConnector for Forminator Forms Plugin installed on the remote host is affected by a Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. Solution: Remove GSheetConnector for Forminator Forms plugin. Read more at https://www.tenable.com/plugins/was/114591
Source: Tenable Plugins
February 12th, 2025 (2 months ago)

Description: Web App Scanning Plugin ID 114592 with High Severity. Synopsis: Multilang Contact Form Plugin for WordPress Cross-Site Scripting. Description: The WordPress Multilang Contact Form Plugin installed on the remote host is affected by a Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. Solution: Remove Multilang Contact Form plugin. Read more at https://www.tenable.com/plugins/was/114592
Source: Tenable Plugins
February 12th, 2025 (2 months ago)