Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-10010 |
Description: The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (0.0) EPSS Score: 0.04%
December 13th, 2024 (4 months ago)
|
|
CVE-2023-2899 |
Description: The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin
CVSS: LOW (0.0) EPSS Score: 0.05%
December 13th, 2024 (4 months ago)
|
|
CVE-2023-2779 |
Description: The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVSS: LOW (0.0) EPSS Score: 0.42%
December 13th, 2024 (4 months ago)
|
|
CVE-2023-2719 |
Description: The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the `id` parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber.
CVSS: LOW (0.0) EPSS Score: 0.09%
December 13th, 2024 (4 months ago)
|
|
CVE-2023-2492 |
Description: The QueryWall: Plug'n Play Firewall WordPress plugin through 1.1.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
CVSS: LOW (0.0) EPSS Score: 0.1%
December 13th, 2024 (4 months ago)
|
|
CVE-2023-2401 |
Description: The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (0.0) EPSS Score: 0.05%
December 13th, 2024 (4 months ago)
|
|
CVE-2023-2359 |
Description: The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations.
CVSS: LOW (0.0) EPSS Score: 0.18%
December 13th, 2024 (4 months ago)
|
|
CVE-2023-2221 |
Description: The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
CVSS: LOW (0.0) EPSS Score: 0.09%
December 13th, 2024 (4 months ago)
|
|
CVE-2023-0368 |
Description: The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVSS: LOW (0.0) EPSS Score: 0.06%
December 13th, 2024 (4 months ago)
|
|
CVE-2024-11972 |
Description: Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks.
The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations.
"This flaw poses a significant security risk, as it
EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|