CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-12679	Prisna GWT < 1.4.14 - Admin+ Stored XSS Description: The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). EPSS Score: 0.03% Source: CVE May 15th, 2025 (about 1 month ago)
CVE-2024-12301	JSP Store Locator <= 1.0 - Deletion via Missing CSRF Description: The JSP Store Locator WordPress plugin through 1.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. CVSS: MEDIUM (6.5) EPSS Score: 0.01% Source: CVE May 15th, 2025 (about 1 month ago)
CVE-2024-12282	WordPress连接微博 <= 2.5.6 - Stored XSS via CSRF Description: The WordPress连接微博 WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. EPSS Score: 0.01% Source: CVE May 15th, 2025 (about 1 month ago)
CVE-2024-11843	Panorama – WordPress Project Management Plugin <= 1.5.1 - Admin+ Stored XSS Description: The Panorama WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVSS: MEDIUM (4.8) EPSS Score: 0.03% Source: CVE May 15th, 2025 (about 1 month ago)
CVE-2024-11719	tarteaucitron.js for WordPress < 0.3.0 - Stored XSS via CSRF Description: The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. EPSS Score: 0.01% Source: CVE May 15th, 2025 (about 1 month ago)
CVE-2024-11718	tarteaucitron.js for WordPress < 0.3.0 - Author+ Stored XSS Description: The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. EPSS Score: 0.03% Source: CVE May 15th, 2025 (about 1 month ago)
CVE-2024-11502	Planning Center Online Giving <= 1.0.0 - Contributor+ XSS via Shortcode Description: The Planning Center Online Giving WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. EPSS Score: 0.03% Source: CVE May 15th, 2025 (about 1 month ago)
CVE-2024-11373	Connexion Logs <= 3.0.2 - Log Deletion via CSRF Description: The Connexion Logs WordPress plugin through 3.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack CVSS: MEDIUM (4.3) EPSS Score: 0.01% Source: CVE May 15th, 2025 (about 1 month ago)
CVE-2024-11372	Connexion Logs <= 3.0.2 - Admin+ SQL Injection Description: The Connexion Logs WordPress plugin through 3.0.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks EPSS Score: 0.04% Source: CVE May 15th, 2025 (about 1 month ago)
CVE-2024-11269	AHAthat Plugin <= 1.6 - Admin+ SQL Injection Description: The AHAthat Plugin WordPress plugin through 1.6 does not sanitize and escape a parameter before using it in a SQL statement, allowing Admin to perform SQL injection attacks. EPSS Score: 0.03% Source: CVE May 15th, 2025 (about 1 month ago)