CVE-2024-13875 |
Description: The WP-PManager WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
EPSS Score: 0.04%
March 20th, 2025 (3 months ago)
|
Description: A malware operation dubbed 'DollyWay' has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites. [...]
March 19th, 2025 (3 months ago)
|
CVE-2024-6244 |
Description: The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks.
EPSS Score: 2.79% SSVC Exploitation: poc
March 19th, 2025 (3 months ago)
|
CVE-2024-3973 |
Description: The House Manager WordPress plugin through 1.0.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
EPSS Score: 0.01% SSVC Exploitation: none
March 19th, 2025 (3 months ago)
|
CVE-2024-4289 |
Description: The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
EPSS Score: 0.03% SSVC Exploitation: poc
March 19th, 2025 (3 months ago)
|
CVE-2025-1232 |
Description: The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacks
EPSS Score: 0.05%
March 19th, 2025 (3 months ago)
|
CVE-2024-7713 |
Description: The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the OpenAI API key, allowing unauthenticated users to obtain it.
EPSS Score: 0.05% SSVC Exploitation: poc
March 18th, 2025 (3 months ago)
|
CVE-2024-4094 |
Description: The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
EPSS Score: 0.03% SSVC Exploitation: poc
March 18th, 2025 (3 months ago)
|
CVE-2024-4180 |
Description: The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via AJAX.
EPSS Score: 0.16% SSVC Exploitation: poc
March 18th, 2025 (3 months ago)
|
CVE-2024-4970 |
Description: The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
EPSS Score: 0.09% SSVC Exploitation: none
March 18th, 2025 (3 months ago)
|