Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-13226	A5 Custom Login Page <= 2.8.1 - Reflected XSS Description: The A5 Custom Login Page WordPress plugin through 2.8.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (3 months ago)
CVE-2024-13225	ECT Home Page Products <= 1.9 - Reflected XSS Description: The ECT Home Page Products WordPress plugin through 1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (3 months ago)
CVE-2024-13224	SlideDeck 1 Lite Content Slider <= 1.4.8 - Reflected XSS Description: The SlideDeck 1 Lite Content Slider WordPress plugin through 1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (3 months ago)
CVE-2024-13223	Tabulate <= 2.10.3 - Reflected XSS Description: The Tabulate WordPress plugin through 2.10.3 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (3 months ago)
CVE-2024-13222	User Messages <= 1.2.4 - Reflected XSS Description: The User Messages WordPress plugin through 1.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (3 months ago)
CVE-2024-13221	Fantastic Elasticsearch <= 4.1.0 - Reflected XSS Description: The Fantastic ElasticSearch WordPress plugin through 4.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (3 months ago)
CVE-2024-13220	Google Map Professional <= 1.0 - Reflected XSS Description: The WordPress Google Map Professional (Map In Your Language) WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (3 months ago)
CVE-2024-13219	Policy Genius <= 2.0.4 - Reflected XSS Description: The Privacy Policy Genius WordPress plugin through 2.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (3 months ago)
CVE-2024-13218	Fast Tube <= 2.3.1 - Reflected XSS Description: The Fast Tube WordPress plugin through 2.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (3 months ago)
CVE-2024-13112	WP MediaTagger <= 4.1.1 - Reflected XSS Description: The WP MediaTagger WordPress plugin through 4.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (3 months ago)