cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-0466,https://securityvulnerability.io/vulnerability/CVE-2025-0466,Sensitive Data Exposure in Sensei LMS WordPress Plugin,"The Sensei LMS WordPress plugin prior to version 4.24.4 contains a vulnerability that fails to adequately protect certain REST API routes. This flaw may be exploited by unauthenticated attackers to access sensitive information, specifically leaking data such as user email addresses and messages, which can lead to further security risks.",WordPress,Sensei Lms,5.3,MEDIUM,0.01,false,,false,false,true,2025-02-04T06:00:11.000Z,true,false,false,,2025-02-04T06:00:11.861Z,0
CVE-2025-0368,https://securityvulnerability.io/vulnerability/CVE-2025-0368,Reflected Cross-Site Scripting in Banner Garden Plugin for WordPress,"The Banner Garden Plugin for WordPress, up to version 0.1.3, is susceptible to reflected cross-site scripting due to improper sanitization of user input. This flaw enables attackers to potentially exploit the vulnerability, targeting high-privilege users such as administrators and unauthenticated users. By injecting malicious scripts into web pages, attackers can manipulate user sessions and gain unauthorized access to sensitive information.",WordPress,Banner Garden Plugin For WordPress,6.1,MEDIUM,0.01,false,,false,false,true,2025-02-04T06:00:11.000Z,true,false,false,,2025-02-04T06:00:11.421Z,0
CVE-2024-13332,https://securityvulnerability.io/vulnerability/CVE-2024-13332,Reflected Cross-Site Scripting in TransFinanz WordPress Plugin,"The TransFinanz WordPress plugin, up to version 1.0.0, contains a vulnerability that permits Reflected Cross-Site Scripting due to improper sanitization and escaping of parameters. This flaw allows attackers to inject malicious scripts that could execute in the context of users’ browsers, particularly affecting high privilege users such as admins. By leveraging this vulnerability, an attacker could exploit it to gain unauthorized access or perform actions on behalf of the affected users.",WordPress,Transfinanz,6.1,MEDIUM,0.01,false,,false,false,true,2025-02-04T06:00:10.000Z,true,false,false,,2025-02-04T06:00:10.855Z,0
CVE-2024-13331,https://securityvulnerability.io/vulnerability/CVE-2024-13331,Reflected Cross-Site Scripting Vulnerability in WP Dream Carousel Plugin,"The WP Dream Carousel plugin for WordPress, up to version 1.0.1b, has a security flaw related to insufficient sanitization and escaping of user input. This could result in reflected cross-site scripting (XSS), posing a significant risk to high-privilege users, such as administrators. An attacker may exploit this vulnerability to execute arbitrary scripts in the context of the affected user's session, leading to potential unauthorized actions or data exposure.",WordPress,WP Dream Carousel,6.1,MEDIUM,0.01,false,,false,false,true,2025-02-04T06:00:10.000Z,true,false,false,,2025-02-04T06:00:10.352Z,0
CVE-2024-13330,https://securityvulnerability.io/vulnerability/CVE-2024-13330,Reflected Cross-Site Scripting in JustRows Plugin for WordPress,"The JustRows plugin, version 0.2 and earlier, is vulnerable due to inadequate sanitization and escaping of parameters before rendering on web pages. This flaw allows attackers to inject malicious scripts through URL parameters, which can be executed in the context of high privilege users, including administrators. As a result, this vulnerability poses significant risks, enabling unauthorized actions and data exposure within WordPress sites.",WordPress,Justrows Free,7.1,HIGH,0.01,false,,false,false,true,2025-02-04T06:00:09.000Z,true,false,false,,2025-02-04T06:00:09.884Z,0
CVE-2024-13329,https://securityvulnerability.io/vulnerability/CVE-2024-13329,Reflected Cross-Site Scripting Vulnerability in Solidres WordPress Plugin,"The Solidres plugin for WordPress, up to version 0.9.4, is vulnerable to reflected cross-site scripting (XSS). This vulnerability arises from improper sanitization and escaping of a parameter before it is outputted on the page, which can be exploited by attackers to craft malicious URLs. Such crafted URLs can pose significant risks, especially when targeting users with high privileges, including admin accounts, potentially allowing attackers to execute arbitrary scripts in their browsers.",WordPress,Solidres,7.1,HIGH,0.01,false,,false,false,true,2025-02-04T06:00:09.000Z,true,false,false,,2025-02-04T06:00:09.485Z,0
CVE-2024-13328,https://securityvulnerability.io/vulnerability/CVE-2024-13328,Reflected Cross-Site Scripting in Giga Messenger WordPress Plugin,"The Giga Messenger plugin for WordPress, up to version 2.3.1, is susceptible to a reflected cross-site scripting vulnerability. This issue arises from inadequate sanitization and escaping of parameters before the data is rendered on web pages. Attackers could exploit this flaw to inject malicious scripts, potentially targeting users with high-level privileges, including administrators, and compromising the integrity of the site.",WordPress,Giga Messenger,6.1,MEDIUM,0.01,false,,false,false,true,2025-02-04T06:00:09.000Z,true,false,false,,2025-02-04T06:00:09.212Z,0
CVE-2024-13325,https://securityvulnerability.io/vulnerability/CVE-2024-13325,Reflected Cross-Site Scripting in Glossy WordPress Plugin,"The Glossy WordPress plugin, versions up to 2.3.5, is susceptible to a reflected cross-site scripting (XSS) vulnerability due to improper sanitization and escaping of a user-controlled parameter in the output. This flaw could potentially allow attackers to inject malicious scripts into web pages, impacting users with elevated privileges, such as administrators, and leading to unauthorized actions or data exposure.",WordPress,Glossy,6.1,MEDIUM,0.01,false,,false,false,true,2025-02-04T06:00:03.000Z,true,false,false,,2025-02-04T06:00:03.948Z,0
CVE-2024-13115,https://securityvulnerability.io/vulnerability/CVE-2024-13115,Cross-Site Request Forgery and XSS Vulnerabilities in WP Projects Portfolio Plugin,"The WP Projects Portfolio with Client Testimonials plugin lacks proper CSRF checks in certain areas, alongside deficiencies in data sanitisation and escaping mechanisms. This security shortfall can potentially allow attackers to exploit authenticated admin sessions, enabling them to inject Stored XSS payloads through crafted CSRF attacks. Such vulnerabilities underscore the importance of implementing robust security measures to safeguard against unauthorized actions and data manipulation within WordPress environments.",WordPress,WP Projects Portfolio With Client Testimonials,6.1,MEDIUM,0.01,false,,false,false,true,2025-02-04T06:00:03.000Z,true,false,false,,2025-02-04T06:00:03.687Z,0
CVE-2024-13114,https://securityvulnerability.io/vulnerability/CVE-2024-13114,Reflected Cross-Site Scripting Vulnerability in WP Projects Portfolio Plugin by WordPress,"The WP Projects Portfolio with Client Testimonials plugin for WordPress, version 3.0, contains a vulnerability due to improper sanitization and escaping of parameters. This flaw allows an attacker to inject malicious scripts into the output, potentially targeting high privilege users, including administrators. Exploiting this vulnerability could lead to the execution of arbitrary scripts in the context of a victim's browser session, creating a risk of data theft or unintended actions on behalf of the user.",WordPress,WP Projects Portfolio With Client Testimonials,6.1,MEDIUM,0.01,false,,false,false,true,2025-02-04T06:00:02.000Z,true,false,false,,2025-02-04T06:00:02.307Z,0
CVE-2025-23588,https://securityvulnerability.io/vulnerability/CVE-2025-23588,Reflected XSS Vulnerability in WOW Best CSS Compiler by WOW,"The WOW Best CSS Compiler plugin for WordPress has a vulnerability that allows for reflected cross-site scripting (XSS). This issue occurs due to improper neutralization of user input during web page generation, potentially enabling attackers to execute arbitrary scripts in the context of the user's session. The vulnerability affects versions up to 2.0.2, emphasizing the need for timely updates and security measures to protect against potential exploitation.",Wow WordPress,Wow Best Css Compiler,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-03T14:22:42.896Z,0
CVE-2024-13347,https://securityvulnerability.io/vulnerability/CVE-2024-13347,Reflected Cross-Site Scripting in Essential WP Real Estate Plugin for WordPress,"The Essential WP Real Estate plugin for WordPress, versions up to 1.1.3, contains a vulnerability that fails to properly escape generated URLs prior to outputting them in attributes. This oversight can be exploited to perform Reflected Cross-Site Scripting (XSS) attacks, potentially allowing attackers to execute malicious scripts in a user’s browser when they visit a compromised page. This vulnerability poses a risk to site security and user data integrity, highlighting the need for prompt updates and security measures.",WordPress,Essential WP Real Estate,6.8,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-02-03T06:00:09.000Z,true,false,false,,2025-02-03T06:00:09.278Z,0
CVE-2024-13099,https://securityvulnerability.io/vulnerability/CVE-2024-13099,Reflected Cross-Site Scripting Vulnerability in Widget4Call Plugin for WordPress,"The Widget4Call plugin for WordPress, up to version 1.0.7, contains a vulnerability that allows attackers to exploit reflected cross-site scripting (XSS) due to improper sanitization of user input. This flaw can be targeted against users with elevated privileges such as administrators, potentially leading to unauthorized actions and the disclosure of sensitive information. Proper input validation and output encoding are vital to mitigate this risk.",WordPress,Widget4call,5.4,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-02-01T06:00:13.000Z,true,false,false,,2025-02-01T06:00:13.840Z,0
CVE-2024-13098,https://securityvulnerability.io/vulnerability/CVE-2024-13098,Reflected Cross-Site Scripting Vulnerability in WordPress Email Newsletter Plugin,"The WordPress Email Newsletter plugin, up to version 1.1, contains a vulnerability that does not properly sanitize and escape user inputs before rendering on pages. This oversight allows attackers to execute reflected cross-site scripting attacks, which could potentially target users with high privileges, including administrators. By exploiting this weakness, an attacker could inject malicious scripts into the web page viewed by affected users, leading to unauthorized actions and data exposure.",WordPress,WordPress Email Newsletter,5.4,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-02-01T06:00:13.000Z,true,false,false,,2025-02-01T06:00:13.542Z,0
CVE-2024-13097,https://securityvulnerability.io/vulnerability/CVE-2024-13097,Reflected Cross-Site Scripting in WP Finance Plugin by WordPress,"The WP Finance plugin for WordPress, up to version 1.3.6, has a vulnerability where it fails to properly sanitize and escape parameters before reflecting them back on the web page. This oversight exposes high-privilege users, including administrators, to potential exploits via Reflected Cross-Site Scripting (XSS). If an attacker successfully manipulates this weakness, they can execute arbitrary JavaScript in the context of the user's session, potentially leading to unauthorized actions and data exposure.",WordPress,WP Finance,5.4,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-02-01T06:00:13.000Z,true,false,false,,2025-02-01T06:00:13.224Z,0
CVE-2024-13096,https://securityvulnerability.io/vulnerability/CVE-2024-13096,CSRF Threat in WP Finance Plugin from WordPress,"The WP Finance plugin for WordPress, up to version 1.3.6, lacks proper CSRF token validation in several areas, and it fails to adequately sanitize and escape user inputs. This oversight can enable attackers to exploit these vulnerabilities, potentially allowing unauthorized commands to be accepted by the server, resulting in the injection of Stored XSS payloads by logged-in administrators through CSRF attacks. Such weakness emphasizes the need for stringent checks and sanitization processes to protect against unauthorized access and data manipulation.",WordPress,WP Finance,4.6,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-02-01T06:00:11.000Z,true,false,false,,2025-02-01T06:00:11.746Z,0
CVE-2024-12768,https://securityvulnerability.io/vulnerability/CVE-2024-12768,Stored Cross-Site Scripting Vulnerability in Responsive iframe Plugin for WordPress,"The Responsive iframe plugin for WordPress, up to version 1.2.0, is susceptible to Stored Cross-Site Scripting due to improper validation and escaping of block options. This flaw allows authenticated users with contributor roles and higher to inject malicious scripts. When these scripts are outputted within a page or post, they can execute in the context of other users, potentially compromising user data and site integrity.",WordPress,Responsive Iframe,5.4,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-02-01T06:00:03.000Z,true,false,false,,2025-02-01T06:00:03.095Z,0
CVE-2024-13226,https://securityvulnerability.io/vulnerability/CVE-2024-13226,Reflected Cross-Site Scripting in A5 Custom Login Page Plugin for WordPress,"The A5 Custom Login Page plugin for WordPress versions up to 2.8.1 is vulnerable to a reflected Cross-Site Scripting (XSS) attack. This occurs when the plugin fails to properly sanitize and escape user-input parameters before rendering them on the page. This leading to potential attacks against high-privilege users, including administrators, who may unknowingly execute malicious scripts. Understanding and mitigating this vulnerability is crucial for maintaining site security.",WordPress,A5 Custom Login Page,6.1,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-01-31T06:00:17.000Z,true,false,false,,2025-01-31T06:00:17.007Z,0
CVE-2024-13225,https://securityvulnerability.io/vulnerability/CVE-2024-13225,Reflected Cross-Site Scripting Vulnerability in ECT Home Page Products Plugin for WordPress,"The ECT Home Page Products plugin for WordPress, up to version 1.9, is susceptible to a reflected cross-site scripting (XSS) vulnerability. This occurs due to improper sanitization and escaping of parameters before rendering them on the web page. Attackers could exploit this flaw to inject malicious scripts, potentially targeting high privilege users, including administrators. Such exploitation could compromise the security of the website and its users, making it crucial for operators to update their plugin to the latest version and apply necessary security measures.",WordPress,Ect Home Page Products,6.1,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-01-31T06:00:16.000Z,true,false,false,,2025-01-31T06:00:16.734Z,0
CVE-2024-13224,https://securityvulnerability.io/vulnerability/CVE-2024-13224,Reflected XSS Vulnerability in SlideDeck 1 Lite Content Slider Plugin by WordPress,"The SlideDeck 1 Lite Content Slider plugin for WordPress, in versions up to 1.4.8, contains a vulnerability that allows an attacker to inject malicious scripts via a non-sanitized parameter. This unescaped output can lead to the execution of scripts in the context of a user's session, particularly affecting high privilege users such as administrators, thereby compromising the security of the WordPress site.",WordPress,Slidedeck 1 Lite Content Slider,6.1,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-01-31T06:00:16.000Z,true,false,false,,2025-01-31T06:00:16.447Z,0
CVE-2024-13223,https://securityvulnerability.io/vulnerability/CVE-2024-13223,Reflected Cross-Site Scripting Vulnerability in Tabulate WordPress Plugin,"The Tabulate plugin for WordPress, up to version 2.10.3, has a vulnerability where certain parameters are not properly sanitized or escaped before being outputted into the web page. This shortcoming can lead to reflected cross-site scripting (XSS) attacks, potentially allowing malicious actors to execute scripts in the context of users, including those with high privileges like administrators. Malicious payloads could be crafted and triggered, exposing sensitive information or enabling other harmful actions within the WordPress environment.",WordPress,Tabulate,6.1,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-01-31T06:00:16.000Z,true,false,false,,2025-01-31T06:00:16.215Z,0
CVE-2024-13222,https://securityvulnerability.io/vulnerability/CVE-2024-13222,Reflected Cross-Site Scripting in User Messages Plugin for WordPress,"The User Messages plugin for WordPress up to version 1.2.4 is susceptible to a Reflected Cross-Site Scripting vulnerability. This issue arises from the failure to properly sanitize and escape user input before outputting it on web pages. As a result, an attacker can exploit this vulnerability to execute arbitrary scripts in the context of high privilege users, such as administrators, potentially leading to unauthorized access or manipulation of web content.",WordPress,User Messages,6.1,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-01-31T06:00:15.000Z,true,false,false,,2025-01-31T06:00:15.995Z,0
CVE-2024-13221,https://securityvulnerability.io/vulnerability/CVE-2024-13221,Reflected Cross-Site Scripting Vulnerability in Fantastic ElasticSearch Plugin for WordPress,"The Fantastic ElasticSearch WordPress plugin, up to version 4.1.0, exhibits a vulnerability where a parameter is not properly sanitized and escaped before being rendered on the page. This oversight allows for the possibility of reflected Cross-Site Scripting (XSS) attacks, particularly targeting users with elevated privileges, such as administrators. Successful exploitation of this vulnerability could result in unauthorized actions or information disclosure within the WordPress site.",WordPress,Fantastic Elastic,6.1,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-01-31T06:00:15.000Z,true,false,false,,2025-01-31T06:00:15.775Z,0
CVE-2024-13220,https://securityvulnerability.io/vulnerability/CVE-2024-13220,Reflected Cross-Site Scripting Vulnerability in Google Map Professional Plugin by WordPress,"A reflected cross-site scripting vulnerability exists in the Google Map Professional plugin for WordPress (version 1.0 and earlier). The plugin fails to properly sanitize and escape user-supplied input, which can lead to the injection of malicious scripts. This could potentially allow high-privilege users, including administrators, to be targeted, leading to unauthorized actions within the application. Proper sanitization and escaping methods need to be implemented to mitigate this risk and safeguard user data.",WordPress,WordPress Google Map Professional (map In Your Language),6.1,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-01-31T06:00:15.000Z,true,false,false,,2025-01-31T06:00:15.556Z,0
CVE-2024-13219,https://securityvulnerability.io/vulnerability/CVE-2024-13219,Reflected Cross-Site Scripting in Privacy Policy Genius WordPress Plugin,"The Privacy Policy Genius WordPress plugin, up to version 2.0.4, is susceptible to reflected cross-site scripting due to improper sanitization and escaping of user parameters. This flaw can allow malicious actors to inject and execute arbitrary scripts in the context of high privilege users, such as administrators, potentially compromising sensitive data and site integrity.",WordPress,Privacy Policy Genius,6.1,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-01-31T06:00:15.000Z,true,false,false,,2025-01-31T06:00:15.349Z,0