| CVE-2026-1672 | BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification | realmag777 | BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | Medium | 6.5 | 2026-04-08 11:16:59 | Deep Dive |
| CVE-2026-1673 | BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion | realmag777 | BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | Medium | 4.3 | 2026-04-08 11:16:57 | Deep Dive |
| CVE-2026-3350 | Image Alt Text Manager <= 1.8.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Title | wpsaad | Image Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AI | Medium | 6.4 | 2026-03-20 23:25:14 | Deep Dive |
| CVE-2026-32431 | WordPress Astra Bulk Edit plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability | Brainstorm Force | Astra Bulk Edit | 中危 | - | 2026-03-13 11:42:18 | Deep Dive |
| CVE-2025-69381 | WordPress WooCommerce Bulk Product Editor plugin <= 3.0 - Broken Access Control vulnerability | vanquish | WooCommerce Bulk Product Editor | - | - | 2026-02-20 15:46:54 | Deep Dive |
| CVE-2026-2001 | WowRevenue <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation | wpxpo | WowRevenue – Product Bundles & Bulk Discounts | High | 8.8 | 2026-02-16 19:24:03 | Deep Dive |
| CVE-2026-1081 | Set Bulk Post Categories <= 1.1 - Cross-Site Request Forgery to Bulk Post Category Update | sauravrox | Set Bulk Post Categories | Medium | 4.3 | 2026-01-24 07:26:46 | Deep Dive |
| CVE-2026-22359 | WordPress Wordpress Movies Bulk Importer plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability | AA-Team | Wordpress Movies Bulk Importer | - | - | 2026-01-22 16:56:49 | Deep Dive |
| CVE-2025-15019 | BIALTY - Bulk Image Alt Text (Alt tag, Alt Attribute) with Yoast SEO + WooCommerce <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | pagup | Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO) | Medium | 6.4 | 2026-01-09 06:34:52 | Deep Dive |
| CVE-2026-22490 | WordPress Bulk Landing Page Creator for WordPress LPagery plugin <= 2.4.9 - Broken Access Control vulnerability | niklaslindemann | Bulk Landing Page Creator for WordPress LPagery | Medium | 5.4 | 2026-01-08 16:24:38 | Deep Dive |
| CVE-2025-28973 | WordPress Pro Bulk Watermark Plugin for WordPress <= 2.0 - Path Traversal Vulnerability | AA-Team | Pro Bulk Watermark Plugin for WordPress | 中危 | - | 2025-12-31 20:02:11 | Deep Dive |
| CVE-2025-12113 | Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images <= 1.8.3 - Missing Authorization to Authenticated (Subscriber+) API Key Deletion | webtoffee | Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images | Medium | 4.3 | 2025-11-12 07:27:41 | Deep Dive |
| CVE-2025-62921 | WordPress Bulk Auto Image Title Attribute plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability | Pagup | Bulk Auto Image Title Attribute | - | - | 2025-10-27 01:33:58 | Deep Dive |
| CVE-2025-58845 | WordPress Bulk Watermark Plugin <= 1.6.10 - Cross Site Request Forgery (CSRF) Vulnerability | ChrisHurst | Bulk Watermark | High | 7.1 | 2025-09-05 13:45:32 | Deep Dive |
| CVE-2025-58819 | WordPress Bulk Featured Image plugin <= 1.2.4 - Arbitrary File Upload vulnerability | CreedAlly | Bulk Featured Image | Critical | 9.1 | 2025-09-05 13:45:18 | Deep Dive |
| CVE-2025-4956 | WordPress Pro Bulk Watermark Plugin for WordPress Theme <= 2.0 - Path Traversal Vulnerability | AA-Team | Pro Bulk Watermark Plugin for WordPress | Medium | 4.3 | 2025-08-30 01:49:20 | Deep Dive |
| CVE-2025-49405 | WordPress Pro Bulk Watermark Plugin for WordPress Theme <= 2.0 - Path Traversal Vulnerability | Favethemes | Pro Bulk Watermark Plugin for WordPress | Medium | 4.3 | 2025-08-28 12:37:16 | Deep Dive |
| CVE-2025-58192 | WordPress WP Bulk Delete Plugin <= 1.3.6 - Broken Access Control Vulnerability | Xylus Themes | WP Bulk Delete | Medium | 4.3 | 2025-08-27 17:45:39 | Deep Dive |
| CVE-2025-5818 | Featured Image Plus – Quick & Bulk Edit with Unsplash <= 1.6.6 - Authenticated (Admin+) Server-Side Request Forgery | krasenslavov | Featured Image Plus – Bulk Edit Featured Images, Unsplash & Alt Text Manager | Medium | 5.5 | 2025-07-23 02:24:38 | Deep Dive |
| CVE-2025-47645 | WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin <= 1.4.9 - Subscriber+ SQL Injection vulnerability | ELEXtensions | ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes | High | 8.5 | 2025-07-16 11:28:03 | Deep Dive |