Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-13329	Solidres <= 0.9.4 - Reflected XSS Description: The Solidres WordPress plugin through 0.9.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin EPSS Score: 0.04% Source: CVE February 5th, 2025 (2 months ago)
CVE-2024-13328	Giga Messenger Bots <= 2.3.1 - Reflected XSS Description: The Giga Messenger WordPress plugin through 2.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin EPSS Score: 0.04% Source: CVE February 5th, 2025 (2 months ago)
CVE-2024-13327	Musicbox <= 2.0.3 - Reflected XSS Description: The Musicbox WordPress plugin through 2.0.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin EPSS Score: 0.04% Source: CVE February 5th, 2025 (2 months ago)
CVE-2024-13326	iBuildApp <= 0.2.0 - Reflected XSS Description: The iBuildApp WordPress plugin through 0.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin EPSS Score: 0.04% Source: CVE February 5th, 2025 (2 months ago)
CVE-2024-13325	Glossy <= 2.3.5 - Reflected XSS Description: The Glossy WordPress plugin through 2.3.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin EPSS Score: 0.04% Source: CVE February 5th, 2025 (2 months ago)
CVE-2024-13115	WP Projects Portfolio with Client Testimonials <= 3.0 - Stored XSS via CSRF Description: The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. EPSS Score: 0.04% Source: CVE February 5th, 2025 (2 months ago)
CVE-2024-13114	WP Projects Portfolio with Client Testimonials <= 3.0 - Reflected XSS Description: The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 5th, 2025 (2 months ago)
	WordPress Plugin "Activity Log WinterLock" vulnerable to cross-site request forgery Description: WordPress Plugin "Activity Log WinterLock" provided by SWIT contains a cross-site request forgery vulnerability. Source: Japan Vulnerability Notes (JVN) February 4th, 2025 (2 months ago)
CVE-2024-13347	Essential WP Real Estate <= 1.1.3 - Reflected XSS Description: The Essential WP Real Estate WordPress plugin through 1.1.3 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. EPSS Score: 0.04% Source: CVE February 4th, 2025 (2 months ago)
CVE-2024-13099	Widget4call <= 1.0.7 - Reflected XSS Description: The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 2nd, 2025 (3 months ago)