| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40730 | WordPress ThemeGrill Demo Importer plugin <= 2.0.0.6 - Broken Access Control vulnerability | ThemeGrill | ThemeGrill Demo Importer | 中危 | - | 2026-04-15 10:21:34 | Deep Dive |
| CVE-2018-25176 | Alive Parish 2.0.4 SQL Injection and Arbitrary File Upload | Demo | Alive Parish | High | 8.2 | 2026-03-06 12:19:07 | Deep Dive |
| CVE-2026-25021 | WordPress Mizan Demo Importer plugin <= 0.1.3 - Broken Access Control vulnerability | Mizan Themes | Mizan Demo Importer | - | - | 2026-02-03 14:08:40 | Deep Dive |
| CVE-2025-14478 | Demo Importer Plus <= 2.0.9 - Authenticated (Author+) Blind XML External Entity Injection via SVG File Upload | kraftplugins | Demo Importer Plus | High | 7.5 | 2026-01-17 07:27:38 | Deep Dive |
| CVE-2025-69091 | WordPress Demo Importer Plus plugin <= 2.0.8 - Broken Access Control vulnerability | Kraft Plugins | Demo Importer Plus | 中危 | - | 2025-12-30 10:47:58 | Deep Dive |
| CVE-2025-14364 | Demo Importer Plus <= 2.0.8 - Missing Authorization to Authenticated (Subscriber+) Site Reset and Privilege Escalation | kraftplugins | Demo Importer Plus | High | 8.8 | 2025-12-18 09:21:30 | Deep Dive |
| CVE-2025-13334 | Blaze Demo Importer 1.0.0 - 1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion | blazethemes | Blaze Demo Importer | High | 8.1 | 2025-12-12 03:20:59 | Deep Dive |
| CVE-2025-13066 | Demo Importer Plus <= 2.0.6 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass | kraftplugins | Demo Importer Plus | High | 8.8 | 2025-12-05 03:28:37 | Deep Dive |
| CVE-2025-62046 | WordPress TheGem Demo Import (for WPBakery) plugin <= 5.10.5 - Arbitrary Content Deletion vulnerability | CodexThemes | TheGem Demo Import (for WPBakery) | Medium | 6.5 | 2025-11-06 15:55:43 | Deep Dive |
| CVE-2025-62919 | WordPress TS Demo Importer plugin <= 0.1.3 - Broken Access Control vulnerability | themeshopy | TS Demo Importer | Medium | 5.4 | 2025-10-27 01:33:57 | Deep Dive |
| CVE-2025-10051 | Demo Import Kit <= 1.1.0 - Authenticated (Admin+) Arbitrary File Upload | themeinwp | Demo Import Kit | High | 7.2 | 2025-10-15 08:25:54 | Deep Dive |
| CVE-2025-58914 | WordPress Di Themes Demo Site Importer plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Plugin Activation vulnerability | Di Themes | Di Themes Demo Site Importer | Medium | 4.3 | 2025-09-26 08:31:12 | Deep Dive |
| CVE-2025-8446 | Blaze Demo Importer <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install | blazethemes | Blaze Demo Importer | Medium | 4.3 | 2025-09-16 11:17:09 | Deep Dive |
| CVE-2025-4954 | Axle Demo Importer <= 1.0.3 - Author+ Arbitrary File Upload | Unknown | Axle Demo Importer | - | - | 2025-06-10 06:00:12 | Deep Dive |
| CVE-2025-5136 | Tmall Demo Payment Identifier pay random values | Tmall | Demo | Low | 3.7 | 2025-05-24 23:31:05 | Deep Dive |
| CVE-2025-5135 | Tmall Demo Product Details Page admin cross site scripting | Tmall | Demo | Low | 2.4 | 2025-05-24 22:31:05 | Deep Dive |
| CVE-2025-5134 | Tmall Demo Buy Item Page cross site scripting | Tmall | Demo | Low | 3.5 | 2025-05-24 22:00:08 | Deep Dive |
| CVE-2025-5133 | Tmall Demo Search Box cross site scripting | Tmall | Demo | Medium | 4.3 | 2025-05-24 21:31:04 | Deep Dive |
| CVE-2025-5132 | Tmall Demo logout cross-site request forgery | Tmall | Demo | Medium | 4.3 | 2025-05-24 21:00:11 | Deep Dive |
| CVE-2025-5131 | Tmall Demo uploadCategoryImage unrestricted upload | Tmall | Demo | Medium | 4.7 | 2025-05-24 20:31:05 | Deep Dive |