Description:
Web App Scanning Plugin ID 114593 with Medium Severity
Synopsis
Build Private Store For Woocommerce Plugin for WordPress < 1.1 Cross-Site Request Forgery
Description
The WordPress Build Private Store For Woocommerce Plugin installed on the remote host is affected by a Cross-Site Request Forgery (CSRF) vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Build Private Store For Woocommerce 1.1 or later
Read more at https://www.tenable.com/plugins/was/114593
February 12th, 2025 (2 months ago)
|
CVE-2024-13570 |
Description: The Stray Random Quotes WordPress plugin through 1.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
EPSS Score: 0.05%
February 12th, 2025 (2 months ago)
|
CVE-2024-13544 |
Description: The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in a multisite setup).
EPSS Score: 0.05%
February 12th, 2025 (2 months ago)
|
CVE-2024-13543 |
Description: The Zarinpal Paid Download WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
EPSS Score: 0.05%
February 12th, 2025 (2 months ago)
|
CVE-2025-0522 |
Description: The LikeBot WordPress plugin through 0.85 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
EPSS Score: 0.04%
February 7th, 2025 (2 months ago)
|
CVE-2025-0466 |
Description: The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message information.
EPSS Score: 0.04%
February 5th, 2025 (2 months ago)
|
CVE-2025-0368 |
Description: The Banner Garden Plugin for WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users.
EPSS Score: 0.04%
February 5th, 2025 (2 months ago)
|
CVE-2024-13332 |
Description: The TransFinanz WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
EPSS Score: 0.04%
February 5th, 2025 (2 months ago)
|
CVE-2024-13331 |
Description: The WP Dream Carousel WordPress plugin through 1.0.1b does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
EPSS Score: 0.04%
February 5th, 2025 (2 months ago)
|
CVE-2024-13330 |
Description: The JustRows free WordPress plugin through 0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
EPSS Score: 0.04%
February 5th, 2025 (2 months ago)
|