CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-13634	Post Sync <= 1.1 - Reflected XSS Description: The Post Sync WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.03% Source: CVE February 26th, 2025 (4 months ago)
CVE-2024-13633	Simple Catalogue <= 1.0.2 - Reflected XSS Description: The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 26th, 2025 (4 months ago)
CVE-2024-13632	WP Extra Fields <= 1.0.1 - Reflected XSS Description: The WP Extra Fields WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 26th, 2025 (4 months ago)
CVE-2024-13631	OM Stripe <= 02.00.00 - Reflected XSS Description: The Om Stripe WordPress plugin through 02.00.00 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 26th, 2025 (4 months ago)
CVE-2024-13630	News List <= 1.0 - Reflected XSS Description: The NewsTicker WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.03% Source: CVE February 26th, 2025 (4 months ago)
CVE-2024-13629	Pushbiz <= 1.0 - Reflected XSS Description: The pushBIZ WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.03% Source: CVE February 26th, 2025 (4 months ago)
CVE-2024-13628	WP Pricing Table <= 1.1 - Reflected XSS Description: The WP Pricing Table WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.03% Source: CVE February 26th, 2025 (4 months ago)
CVE-2024-13624	WPMovieLibrary <= 2.1.4.8 - Reflected XSS Description: The WPMovieLibrary WordPress plugin through 2.1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 5.36% Source: CVE February 26th, 2025 (4 months ago)
CVE-2024-13571	Post Timeline < 2.3.10 - Reflected XSS Description: The Post Timeline WordPress plugin before 2.3.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 26th, 2025 (4 months ago)
CVE-2024-13113	Countdown Timer for Elementor < 1.3.7 - Contributor+ Stored XSS Description: The Countdown Timer for Elementor WordPress plugin before 1.3.7 does not sanitise and escape some parameters when outputting them on the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. EPSS Score: 0.03% Source: CVE February 26th, 2025 (4 months ago)