CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-13216 |
Description: The HT Event – WordPress Event Manager Plugin for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.7 via the 'render' function in /includes/widgets/htevent_sponsor.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
February 1st, 2025 (5 months ago)
|
|
CVE-2024-13157 |
Description: The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Podcast RSS Feed in all versions up to, and including, 5.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.07%
February 1st, 2025 (5 months ago)
|
|
CVE-2024-13112 |
Description: The WP MediaTagger WordPress plugin through 4.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
EPSS Score: 0.04%
February 1st, 2025 (5 months ago)
|
|
CVE-2024-13101 |
Description: The WP MediaTagger WordPress plugin through 4.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
EPSS Score: 0.04%
February 1st, 2025 (5 months ago)
|
|
CVE-2024-13100 |
Description: The OPSI Israel Domestic Shipments WordPress plugin through 2.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
EPSS Score: 0.04%
February 1st, 2025 (5 months ago)
|
|
CVE-2024-12872 |
Description: The Zalomení WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.04%
February 1st, 2025 (5 months ago)
|
|
CVE-2024-12772 |
Description: The Ninja Tables WordPress plugin before 5.0.17 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, leading to a Cross Site Scripting vulnerability.
EPSS Score: 0.04%
February 1st, 2025 (5 months ago)
|
|
CVE-2024-12415 |
Description: The The AI Infographic Maker plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.9.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
February 1st, 2025 (5 months ago)
|
|
CVE-2024-12275 |
Description: The Canvasflow for WordPress plugin through 1.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
EPSS Score: 0.04%
February 1st, 2025 (5 months ago)
|
|
CVE-2024-12267 |
Description: The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to limited arbitrary file deletion due to insufficient file path validation in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3.8.5. This makes it possible for unauthenticated attackers to delete limited arbitrary files on the server. It is not possible to delete files like wp-config.php that would make RCE possible.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
February 1st, 2025 (5 months ago)
|