Skip to main content
CVE-2025-46834 MEDIUM This Month

Alchemy's Modular Account is a smart contract account that is compatible with ERC-4337 and ERC-6900. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
6.6
EPSS
0.4%
CVE-2025-2203 MEDIUM POC This Month

The FunnelKit WordPress plugin before 3.10.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Funnel Builder PHP
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-1454 MEDIUM POC This Month

The Ninja Pages WordPress plugin through 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ninja Pages PHP
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-1289 MEDIUM POC Monitor

The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Plugin Oficial PHP
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-1288 MEDIUM POC This Month

The WOOEXIM WordPress plugin through 5.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make an unauthenticated user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF XSS Wooexim PHP
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-1286 MEDIUM POC This Month

The Download HTML TinyMCE Button WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Download Html Tinymce Button PHP
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-1033 MEDIUM POC Monitor

The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Badgearoo PHP
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-0688 MEDIUM POC This Month

The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Spiritual Gifts Survey And Optional S H A P E Survey PHP
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-0687 MEDIUM POC This Month

The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Spiritual Gifts Survey And Optional S H A P E Survey PHP
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-0329 MEDIUM POC Monitor

The AI ChatBot for WordPress WordPress plugin before 6.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpbot PHP
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-9882 MEDIUM POC Monitor

The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Salon Booking System
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-9879 MEDIUM POC This Month

The Melapress File Monitor WordPress plugin before 2.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Melapress File Monitor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-9838 MEDIUM POC This Month

The Auto Affiliate Links WordPress plugin before 6.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Auto Affiliate Links
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-9831 HIGH POC This Month

The Taskbuilder WordPress plugin before 3.0.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Taskbuilder
NVD WPScan
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-9711 MEDIUM POC This Month

The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Ekc Tournament Manager
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-9709 MEDIUM POC This Month

The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Ekc Tournament Manager
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-9663 MEDIUM POC This Month

The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Cyan Backup
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-9662 MEDIUM POC This Month

The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Cyan Backup
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-9645 MEDIUM POC This Month

The Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry WordPress plugin before 2.2.93 does not validate and escape some of its block options before outputting them back in a page/post. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Post Grid
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-9599 MEDIUM POC This Month

The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Box
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-9390 MEDIUM POC Monitor

The RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Registrationmagic
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-9236 MEDIUM POC Monitor

The Team WordPress plugin before 4.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Team Wordpress Team Members Showcase
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-9233 MEDIUM POC Monitor

The Logo Slider WordPress plugin before 3.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Logo Slider
NVD WPScan
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-9227 MEDIUM POC Monitor

The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Powerpress
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-9182 MEDIUM POC Monitor

The Maspik WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Maspik
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-8854 MEDIUM POC This Month

The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Polls Cp
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-8851 MEDIUM POC This Month

The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Polls Cp
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-8759 MEDIUM POC Monitor

The Nested Pages WordPress plugin before 3.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Nested Pages
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-8703 MEDIUM POC This Month

The Z-Downloads WordPress plugin before 1.11.6 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated visitors to perform Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Z Downloads
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-8702 MEDIUM POC Monitor

The Backup Database WordPress plugin through 4.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Backup Database
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-8701 MEDIUM POC Monitor

The events-calendar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Events Calendar
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-8700 HIGH POC This Month

The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Event Calendar
NVD WPScan
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-8699 HIGH POC This Month

The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Z Downloads
NVD WPScan
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-8670 MEDIUM POC Monitor

The Photo Gallery by 10Web WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Photo Gallery
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-8620 MEDIUM POC Monitor

The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mappress
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-8619 MEDIUM POC Monitor

The Ajax Search Lite WordPress plugin before 4.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ajax Search
NVD WPScan
CVSS 3.1
4.8
EPSS
0.0%
CVE-2024-8618 MEDIUM POC Monitor

The Page Builder: Pagelayer WordPress plugin before 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pagelayer
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-8617 MEDIUM POC Monitor

The Quiz Maker WordPress plugin before 6.5.9.9 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Quiz Maker
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-8542 MEDIUM POC Monitor

The Everest Forms WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Everest Forms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-8493 MEDIUM POC Monitor

The Events Calendar WordPress plugin before 6.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS The Events Calendar
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-8492 MEDIUM POC Monitor

The Hustle WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Hustle
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-8426 MEDIUM POC Monitor

The Page Builder: Pagelayer WordPress plugin before 1.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pagelayer
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-8398 MEDIUM POC Monitor

The Simple Nav Archives WordPress plugin through 2.1.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Simple Nav Archives
NVD WPScan
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-8397 MEDIUM POC This Month

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gdpr Cookie Consent
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-8284 MEDIUM POC Monitor

The Download Manager WordPress plugin before 3.2.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Download Manager
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-8245 MEDIUM POC Monitor

The GamiPress WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Gamipress Reset User
NVD WPScan
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-8187 MEDIUM POC Monitor

The Smart Post Show WordPress plugin before 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Smart Post Show
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-8095 MEDIUM POC This Month

The BabelZ WordPress plugin through 1.1.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF XSS Babeiz
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-8094 MEDIUM POC This Week

The Ntz Antispam WordPress plugin through 2.0e does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Ntz Atispam
NVD WPScan
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-8090 MEDIUM POC This Month

The JavaScript Logic WordPress plugin through 0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF XSS Javascript Logic
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
Prev Page 4 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy