Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description:
Web App Scanning Plugin ID 114618 with Critical Severity
Synopsis
GiveWP Plugin for WordPress < 3.20.0 Remote Code Execution
Description
The WordPress GiveWP Plugin installed on the remote host is affected by a PHP object injection vulnerability.Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to GiveWP Plugin for WordPress 3.20.0 or latest.
Read more at https://www.tenable.com/plugins/was/114618
March 11th, 2025 (3 months ago)
|
|
|
Description:
Web App Scanning Plugin ID 114629 with Critical Severity
Synopsis
Newscrunch Plugin for WordPress < 1.8.4.1 Arbitrary File Upload
Description
The WordPress Newscrunch Plugin installed on the remote host is affected by an Arbitrary File Upload.Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Newscrunch 1.8.4.1 or later.
Read more at https://www.tenable.com/plugins/was/114629
March 11th, 2025 (3 months ago)
|
CVE-2025-0629 |
Description: The Coronavirus (COVID-19) Notice Message WordPress plugin through 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.03%
March 11th, 2025 (3 months ago)
|
|
CVE-2024-13864 |
Description: The Countdown Timer WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
EPSS Score: 0.04%
March 11th, 2025 (3 months ago)
|
|
CVE-2024-13862 |
Description: The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
EPSS Score: 0.04%
March 11th, 2025 (3 months ago)
|
|
CVE-2024-13853 |
Description: The SEO Tools WordPress plugin through 4.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
EPSS Score: 1.93%
March 11th, 2025 (3 months ago)
|
|
CVE-2024-13836 |
Description: The WP Login Control WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
EPSS Score: 0.04%
March 11th, 2025 (3 months ago)
|
|
CVE-2024-13615 |
Description: The Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap WordPress plugin through 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.03%
March 11th, 2025 (3 months ago)
|
|
CVE-2024-13580 |
Description: The XV Random Quotes WordPress plugin through 1.40 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack
EPSS Score: 0.03%
March 11th, 2025 (3 months ago)
|
|
CVE-2024-13574 |
Description: The XV Random Quotes WordPress plugin through 1.40 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
EPSS Score: 0.04%
March 11th, 2025 (3 months ago)
|