CyberAlerts

CVE-2024-13383

Description: The HD Quiz WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS Score: 0.03%

Source: CVE

May 15th, 2025 (21 days ago)

CVE-2024-13357

Ditty – Responsive News Tickers, Sliders, and Lists < 3.1.52 - Author+ Stored XSS

Description: The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS Score: 0.03%

Source: CVE

May 15th, 2025 (21 days ago)

CVE-2024-13313

AWeber <= 7.3.20 - Admin+ Stored XSS

Description: The AWeber WordPress plugin through 7.3.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS Score: 0.03%

Source: CVE

May 15th, 2025 (21 days ago)

CVE-2024-13127

LearnPress – WordPress LMS Plugin < 4.2.7.5.1 - Admin+ Stored XSS

Description: The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS Score: 0.03%

Source: CVE

May 15th, 2025 (21 days ago)

CVE-2024-13053

Form Maker by 10Web < 1.15.33 - Admin+ Stored XSS via Theme Title

Description: The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS Score: 0.03%

Source: CVE

May 15th, 2025 (21 days ago)

CVE-2024-12874

Top Comments <= 1.0 - Admin+ Stored Cross-Site Scripting

Description: The Top Comments WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS Score: 0.02%

Source: CVE

May 15th, 2025 (21 days ago)

CVE-2024-12812

WP ERP < 1.13.4 - Custom+ Unauthorized Access to Terminated Employee Information

Description: The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 has an issue where employees can manipulate parameters to access the data of terminated employees.

EPSS Score: 0.04%

Source: CVE

May 15th, 2025 (21 days ago)

CVE-2024-12808

WP ERP | Complete HR solution with recruitment < 1.13.4 - Admin+ Stored XSS

Description: The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS Score: 0.03%

Source: CVE

May 15th, 2025 (21 days ago)

CVE-2024-12800

IP Based Login < 2.4.1 - Admin+ Stored XSS

Description: The IP Based Login WordPress plugin before 2.4.1 does not sanitise values when importing, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS Score: 0.03%

Source: CVE

May 15th, 2025 (21 days ago)

CVE-2024-12750

Competition Form <= 2.0 - Competition Deletion via CSRF

Description: The Competition Form WordPress plugin through 2.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

EPSS Score: 0.03%

Source: CVE

May 15th, 2025 (21 days ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-13383	HD Quiz < 2.0.0 - Editor+ Stored XSS Description: The HD Quiz WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). EPSS Score: 0.03% Source: CVE May 15th, 2025 (21 days ago)
CVE-2024-13357	Ditty – Responsive News Tickers, Sliders, and Lists < 3.1.52 - Author+ Stored XSS Description: The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). EPSS Score: 0.03% Source: CVE May 15th, 2025 (21 days ago)
CVE-2024-13313	AWeber <= 7.3.20 - Admin+ Stored XSS Description: The AWeber WordPress plugin through 7.3.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). EPSS Score: 0.03% Source: CVE May 15th, 2025 (21 days ago)
CVE-2024-13127	LearnPress – WordPress LMS Plugin < 4.2.7.5.1 - Admin+ Stored XSS Description: The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). EPSS Score: 0.03% Source: CVE May 15th, 2025 (21 days ago)
CVE-2024-13053	Form Maker by 10Web < 1.15.33 - Admin+ Stored XSS via Theme Title Description: The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). EPSS Score: 0.03% Source: CVE May 15th, 2025 (21 days ago)
CVE-2024-12874	Top Comments <= 1.0 - Admin+ Stored Cross-Site Scripting Description: The Top Comments WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). EPSS Score: 0.02% Source: CVE May 15th, 2025 (21 days ago)
CVE-2024-12812	WP ERP < 1.13.4 - Custom+ Unauthorized Access to Terminated Employee Information Description: The WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting WordPress plugin before 1.13.4 has an issue where employees can manipulate parameters to access the data of terminated employees. EPSS Score: 0.04% Source: CVE May 15th, 2025 (21 days ago)
CVE-2024-12808	WP ERP \| Complete HR solution with recruitment < 1.13.4 - Admin+ Stored XSS Description: The WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). EPSS Score: 0.03% Source: CVE May 15th, 2025 (21 days ago)
CVE-2024-12800	IP Based Login < 2.4.1 - Admin+ Stored XSS Description: The IP Based Login WordPress plugin before 2.4.1 does not sanitise values when importing, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). EPSS Score: 0.03% Source: CVE May 15th, 2025 (21 days ago)
CVE-2024-12750	Competition Form <= 2.0 - Competition Deletion via CSRF Description: The Competition Form WordPress plugin through 2.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack EPSS Score: 0.03% Source: CVE May 15th, 2025 (21 days ago)