Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-11008 |
Description: The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
December 12th, 2024 (6 months ago)
|
|
CVE-2023-2811 |
Description: The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot
CVSS: LOW (0.0) EPSS Score: 0.05%
December 12th, 2024 (6 months ago)
|
|
CVE-2023-2751 |
Description: The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site.
CVSS: LOW (0.0) EPSS Score: 0.08%
December 12th, 2024 (6 months ago)
|
|
CVE-2023-2684 |
Description: The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVSS: LOW (0.0) EPSS Score: 0.05%
December 12th, 2024 (6 months ago)
|
|
CVE-2023-2654 |
Description: The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVSS: LOW (0.0) EPSS Score: 0.07%
December 12th, 2024 (6 months ago)
|
|
CVE-2023-2527 |
Description: The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
CVSS: LOW (0.0) EPSS Score: 0.05%
December 12th, 2024 (6 months ago)
|
|
CVE-2023-2399 |
Description: The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard.
CVSS: LOW (0.0) EPSS Score: 0.07%
December 12th, 2024 (6 months ago)
|
|
CVE-2023-0489 |
Description: The SlideOnline WordPress plugin through 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVSS: LOW (0.0) EPSS Score: 0.06%
December 12th, 2024 (6 months ago)
|
|
Description: Hackers are exploiting a critical vulnerability in the "Hunk Companion" plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. [...]
December 11th, 2024 (6 months ago)
|
|
CVE-2024-7894 |
Description: The If Menu plugin for WordPress is vulnerable to unauthorized modification of the plugin's license key due to a missing capability check on the 'actions' function in versions up to, and including, 0.19.1. This makes it possible for unauthenticated attackers to modify delete or modify the license key.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
December 11th, 2024 (6 months ago)
|