CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-5026 |
Description: The CM Tooltip Glossary WordPress plugin before 4.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
EPSS Score: 0.03%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-4665 |
Description: The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-4091 |
Description: The Responsive Gallery Grid WordPress plugin before 2.3.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-4004 |
Description: The Advanced Cron Manager WordPress plugin before 2.5.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-4002 |
Description: The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
EPSS Score: 0.03%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-3996 |
Description: The Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
EPSS Score: 0.03%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-3901 |
Description: The Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts (like those with the contributor role) to conduct Stored XSS attacks.
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-3062 |
Description: The Save as Image Plugin by Pdfcrowd WordPress plugin before 3.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVSS: MEDIUM (4.8) EPSS Score: 0.06%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-2869 |
Description: The Easy Property Listings WordPress plugin before 3.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVSS: MEDIUM (4.8) EPSS Score: 0.03%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-2643 |
Description: The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.6.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
EPSS Score: 0.06%
May 15th, 2025 (about 1 month ago)
|