Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 77 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2026-0894 Content Blocks (Custom Post Widget) <= 3.3.9 - Authenticated (Author+) Stored Cross-Site Scripting via content_block Shortcode vanderwijkContent Blocks (Custom Post Widget) Medium 6.4 2026-04-18 09:26:52 Deep Dive
CVE-2026-3554 Sherk Custom Post Type Displays <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute sherkspearSherk Custom Post Type Displays Medium 6.4 2026-03-21 03:27:06 Deep Dive
CVE-2026-1883 Wicked Folders <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion wickedpluginsWicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types Medium 4.3 2026-03-15 01:19:06 Deep Dive
CVE-2025-23667 WordPress custom-post-edit plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability Christopher Churchillcustom-post-edit High 7.1 2025-12-31 19:54:20 Deep Dive
CVE-2025-68885 WordPress Custom Post Status plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability page-carbajalCustom Post Status High 7.1 2025-12-31 05:34:27 Deep Dive
CVE-2025-14056 Custom Post Type UI <= 1.18.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'label' Import Parameter webdevstudiosCustom Post Type UI Medium 4.4 2025-12-13 03:20:26 Deep Dive
CVE-2025-62996 WordPress Custom Layouts – Post + Product grids made easy plugin <= 1.4.12 - Broken Access Control vulnerability Code AmpCustom Layouts – Post + Product grids made easy--2025-12-09 14:52:26 Deep Dive
CVE-2025-12826 Custom Post Type UI <= 1.18.0 - Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type Modification webdevstudiosCustom Post Type UI Medium 4.8 2025-12-04 06:48:41 Deep Dive
CVE-2025-13142 Custom Post Type <= 1.0 - Cross-Site Request Forgery to Custom Post Type Deletion farvehandlerenCustom Post Type Medium 4.3 2025-11-21 07:31:51 Deep Dive
CVE-2025-64224 WordPress Grand Conference Theme Custom Post Type plugin < 2.6.4 - Cross Site Scripting (XSS) vulnerability ThemeGoodsGrand Conference Theme Custom Post Type 中危 -2025-11-06 15:56:10 Deep Dive
CVE-2025-62907 WordPress Custom Post Type Attachment plugin <= 3.4.6 - Cross Site Scripting (XSS) vulnerability aviplugins.comCustom Post Type Attachment Medium 6.5 2025-10-27 01:33:53 Deep Dive
CVE-2025-60116 WordPress Grand Conference Theme Custom Post Type plugin < 2.6.4 - Broken Access Control vulnerability ThemeGoodsGrand Conference Theme Custom Post Type Medium 5.4 2025-09-26 08:31:34 Deep Dive
CVE-2025-58255 WordPress Custom Post Type Images Plugin <= 0.5 - Cross Site Request Forgery (CSRF) Vulnerability yonisinkCustom Post Type Images Critical 9.6 2025-09-22 18:23:26 Deep Dive
CVE-2025-28975 WordPress Alike - WordPress Custom Post Comparison <= 3.0.1 - Cross Site Scripting (XSS) Vulnerability redqteamAlike - WordPress Custom Post Comparison High 7.1 2025-08-14 10:34:34 Deep Dive
CVE-2025-5084 Post Grid Master <= 3.4.13 - Reflected Cross-Site Scripting via argsArray['read_more_text'] mdshuvoPost Grid Master — Post Grids & AJAX Filters Medium 6.1 2025-07-24 09:22:15 Deep Dive
CVE-2025-52726 WordPress CouponXxL Custom Post Types plugin <= 3.0 - Privilege Escalation Vulnerability pebasCouponXxL Custom Post Types High 8.6 2025-06-27 11:52:26 Deep Dive
CVE-2025-5940 Osom Blocks <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via class_name Parameter osompressOsom Blocks Medium 6.4 2025-06-27 07:22:23 Deep Dive
CVE-2025-5125 Custom Post Carousels with Owl < 1.4.12 - Contributor+ Stored XSS UnknownCustom Post Carousels with Owl--2025-06-20 06:00:12 Deep Dive
CVE-2025-29013 WordPress Custom Category/Post Type Post order plugin <= 1.6.0 - Broken Access Control Vulnerability faaiqCustom Category/Post Type Post order Medium 5.4 2025-06-06 12:54:25 Deep Dive
CVE-2025-30942 WordPress Post Custom Templates Lite plugin <= 1.14 - Cross Site Scripting (XSS) Vulnerability OTWthemesPost Custom Templates Lite Medium 5.9 2025-06-06 12:54:14 Deep Dive