Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-13624	WPMovieLibrary <= 2.1.4.8 - Reflected XSS Description: The WPMovieLibrary WordPress plugin through 2.1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 5.36% Source: CVE February 26th, 2025 (3 months ago)
CVE-2024-13571	Post Timeline < 2.3.10 - Reflected XSS Description: The Post Timeline WordPress plugin before 2.3.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 26th, 2025 (3 months ago)
CVE-2024-13113	Countdown Timer for Elementor < 1.3.7 - Contributor+ Stored XSS Description: The Countdown Timer for Elementor WordPress plugin before 1.3.7 does not sanitise and escape some parameters when outputting them on the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. EPSS Score: 0.03% Source: CVE February 26th, 2025 (3 months ago)
CVE-2024-12878	Custom Block Builder – Lazy Blocks < 3.8.3 - Reflected XSS Description: The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 26th, 2025 (3 months ago)
CVE-2024-12737	WP BASE Booking of Appointments, Services and Events < 5.0.0 - Reflected XSS Description: The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.03% Source: CVE February 26th, 2025 (3 months ago)
CVE-2024-10563	WooCommerce Cart Count Shortcode < 1.1.0 - Contributor+ XSS Description: The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. EPSS Score: 0.03% Source: CVE February 26th, 2025 (3 months ago)
CVE-2024-10483	SimplePress Forum < 6.10.11 - Reflected XSS Description: The Simple:Press Forum WordPress plugin before 6.10.11 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. EPSS Score: 0.04% Source: CVE February 26th, 2025 (3 months ago)
CVE-2024-10152	Simple Certain Time to Show Content < 1.3.1 - Reflected XSS Description: The Simple Certain Time to Show Content WordPress plugin before 1.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 26th, 2025 (3 months ago)
CVE-2024-13822	Total Contest Lite <= 2.8.1 - Reflected XSS Description: The Photo Contest \| Competition \| Video Contest WordPress plugin through 2.8.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.03% Source: CVE February 24th, 2025 (3 months ago)
CVE-2024-13605	Form Maker by 10Web < 1.15.33 - Admin+ Stored XSS Description: The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). EPSS Score: 0.03% Source: CVE February 24th, 2025 (3 months ago)