Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-38345 |
Description: A cross-site request forgery vulnerability exists in Sola Testimonials versions prior to 3.0.0. If this vulnerability is exploited, an attacker allows a user who logs in to the WordPress site where the affected plugin is enabled to access a malicious page. As a result, the user may perform unintended operations on the WordPress site.
EPSS Score: 0.07% SSVC Exploitation: none
March 13th, 2025 (3 months ago)
|
|
CVE-2024-5802 |
Description: The URL Shortener by Myhop WordPress plugin through 1.0.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
EPSS Score: 0.21% SSVC Exploitation: none
March 13th, 2025 (3 months ago)
|
|
CVE-2024-3986 |
Description: The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
EPSS Score: 0.12% SSVC Exploitation: poc
March 13th, 2025 (3 months ago)
|
|
CVE-2025-1487 |
Description: The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
EPSS Score: 0.04%
March 13th, 2025 (3 months ago)
|
|
CVE-2025-1486 |
Description: The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
EPSS Score: 0.04%
March 13th, 2025 (3 months ago)
|
|
CVE-2025-1436 |
Description: The Limit Bio WordPress plugin through 1.0 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
EPSS Score: 0.04%
March 13th, 2025 (3 months ago)
|
|
CVE-2025-1401 |
Description: The WP Click Info WordPress plugin through 2.7.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
EPSS Score: 0.04%
March 13th, 2025 (3 months ago)
|
|
CVE-2024-13891 |
Description: The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
EPSS Score: 0.04%
March 13th, 2025 (3 months ago)
|
|
CVE-2024-13885 |
Description: The WP e-Customers Beta WordPress plugin through 0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
EPSS Score: 0.04%
March 13th, 2025 (3 months ago)
|
|
CVE-2024-13884 |
Description: The Limit Bio WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
EPSS Score: 0.04%
March 13th, 2025 (3 months ago)
|