| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-0626 | WPFunnels <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpf_optin_form' Shortcode | getwpfunnels | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell | Medium | 6.4 | 2026-04-04 11:16:14 | Deep Dive |
| CVE-2015-20120 | RealtyScript 4.0.2 Multiple Time-based Blind SQL Injection | Next Click Ventures | RealtyScript | High | 8.2 | 2026-03-15 18:35:44 | Deep Dive |
| CVE-2015-20121 | RealtyScript 4.0.2 SQL Injection via u_id and agent Parameters | Next Click Ventures | RealtyScripts | High | 8.2 | 2026-03-15 18:34:20 | Deep Dive |
| CVE-2015-20119 | RealtyScript 4.0.2 Stored Cross-Site Scripting via text Parameter in pages.php | Next Click Ventures | RealtyScript | Medium | 6.4 | 2026-03-15 18:34:18 | Deep Dive |
| CVE-2015-20118 | RealtyScript 4.0.2 Stored Cross-Site Scripting via location_name Parameter | Next Click Ventures | RealtyScript | High | 7.2 | 2026-03-15 18:34:17 | Deep Dive |
| CVE-2015-20117 | RealtyScript 4.0.2 Cross-Site Request Forgery Unauthorized User Creation | Next Click Ventures | RealtyScript | Medium | 5.3 | 2026-03-15 18:34:16 | Deep Dive |
| CVE-2015-20115 | RealtyScript 4.0.2 Stored Cross-Site Scripting via File Upload Parameter | Next Click Ventures | RealtyScript | High | 7.2 | 2026-03-15 18:34:14 | Deep Dive |
| CVE-2015-20116 | RealtyScript 4.0.2 Stored Cross-Site Scripting via CSV File Upload Filename | Next Click Ventures | RealtyScript | Medium | 6.1 | 2026-03-15 18:34:14 | Deep Dive |
| CVE-2015-20113 | RealtyScript 4.0.2 Multiple Cross-Site Request Forgery and Persistent Cross-Site Scripting Vulnerabilities | Next Click Ventuers | RealtyScript | Medium | 5.3 | 2026-03-15 18:34:12 | Deep Dive |
| CVE-2015-20114 | RealtyScript 4.0.2 Cross-Site Scripting via Multiple Parameters | Next Click Ventuers | RealtyScript | Medium | 6.1 | 2026-03-15 18:34:12 | Deep Dive |
| CVE-2025-14864 | Virusdie <= 1.1.7 - Missing Authorization to Authenticated (Subscriber+) API Key Disclosure | virusdie | Virusdie – One-click website security | Medium | 4.3 | 2026-02-19 04:36:19 | Deep Dive |
| CVE-2025-14386 | Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization 2.4.4 - 2.5.12 - Missing Authorization to Authenticated (Subscriber+) Authentication Bypass via Account Takeover | shahrukhlinkgraph | Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization | High | 8.8 | 2026-01-28 11:23:39 | Deep Dive |
| CVE-2025-25051 | AutomationDirect CLICK Programmable Logic Controller Plaintext Storage of a Password | AutomationDirect | CLICK Programmable Logic Controller | Medium | 6.1 | 2026-01-22 22:21:18 | Deep Dive |
| CVE-2025-67652 | AutomationDirect CLICK Programmable Logic Controller Weak Encoding for Password | AutomationDirect | CLICK Programmable Logic Controller | Medium | 6.1 | 2026-01-22 22:17:54 | Deep Dive |
| CVE-2025-14428 | My Sticky Elements <= 2.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Bulk Lead Deletion | premio | All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs – My Sticky Elements | Medium | 4.3 | 2026-01-01 16:19:31 | Deep Dive |
| CVE-2025-11587 | Call Now Button <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Settings Update | jgrietveld | Call Now Button – The #1 Click to Call Button for WordPress | Medium | 4.3 | 2025-10-29 12:31:52 | Deep Dive |
| CVE-2025-11632 | Call Now Button <= 1.5.4 - Authenticated (Subscriber+) Missing Authorization to Multiple Functions | jgrietveld | Call Now Button – The #1 Click to Call Button for WordPress | Medium | 4.3 | 2025-10-29 12:31:51 | Deep Dive |
| CVE-2025-49954 | WordPress WP-Click-Tracker Plugin <= 0.7.3 - Cross Site Scripting (XSS) Vulnerability | mithra62 | WP-Click-Tracker | - | - | 2025-10-22 14:32:20 | Deep Dive |
| CVE-2025-60179 | WordPress Click & Tweet Plugin <= 0.8.9 - Cross Site Scripting (XSS) Vulnerability | Space Studio | Click & Tweet | Medium | 5.9 | 2025-09-26 08:32:11 | Deep Dive |
| CVE-2025-57882 | AutomationDirect CLICK PLUS Improper Resource Shutdown or Release | AutomationDirect | CLICK PLUS C0-0x CPU firmware | Medium | 5.9 | 2025-09-23 22:27:02 | Deep Dive |