Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-13685	Admin and Site Enhancements (ASE) < 7.6.10 - Limit Login Attempt Bypass via IP Spoofing Description: The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10. EPSS Score: 0.04% Source: CVE March 4th, 2025 (3 months ago)
CVE-2024-13678	R3W Instafeed <= 1.0 - Reflected XSS Description: The R3W InstaFeed WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.03% Source: CVE February 26th, 2025 (3 months ago)
CVE-2024-13669	CalendApp <= 1.1 - Reflected XSS Description: The CalendApp WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.03% Source: CVE February 26th, 2025 (3 months ago)
CVE-2024-13634	Post Sync <= 1.1 - Reflected XSS Description: The Post Sync WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.03% Source: CVE February 26th, 2025 (3 months ago)
CVE-2024-13633	Simple Catalogue <= 1.0.2 - Reflected XSS Description: The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 26th, 2025 (3 months ago)
CVE-2024-13632	WP Extra Fields <= 1.0.1 - Reflected XSS Description: The WP Extra Fields WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 26th, 2025 (3 months ago)
CVE-2024-13631	OM Stripe <= 02.00.00 - Reflected XSS Description: The Om Stripe WordPress plugin through 02.00.00 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 26th, 2025 (3 months ago)
CVE-2024-13630	News List <= 1.0 - Reflected XSS Description: The NewsTicker WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.03% Source: CVE February 26th, 2025 (3 months ago)
CVE-2024-13629	Pushbiz <= 1.0 - Reflected XSS Description: The pushBIZ WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.03% Source: CVE February 26th, 2025 (3 months ago)
CVE-2024-13628	WP Pricing Table <= 1.1 - Reflected XSS Description: The WP Pricing Table WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.03% Source: CVE February 26th, 2025 (3 months ago)