Vulnerability Platform

Vulnerability List

CVE ID	Title	Vendor	Product	Severity	CVSS Score	Published At	AI Analysis
CVE-2025-36074	Security vulnerability has been detected in IBM Security Verify Directory	IBM	Security Verify Directory (Container)	Medium	5.5	2026-04-22 23:39:35	Deep Dive
CVE-2026-3489	DirectoryPress – Business Directory And Classified Ad Listing <= 3.6.26 - Unauthenticated SQL Injection via 'packages'	designinvento	DirectoryPress – Business Directory And Classified Ad Listing	High	7.5	2026-04-16 11:21:21	Deep Dive
CVE-2025-13364	WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters <= 4.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'put_wpgm' Shortcode	flippercode	WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters	Medium	6.4	2026-04-16 06:44:52	Deep Dive
CVE-2026-4979	UsersWP <= 1.2.58 - Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' Parameter	stiofansisland	UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP	Medium	5.0	2026-04-11 01:25:00	Deep Dive
CVE-2026-4977	UsersWP <= 1.2.58 - Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' Parameter	stiofansisland	UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP	Medium	4.3	2026-04-10 01:25:01	Deep Dive
CVE-2026-5742	UsersWP <= 1.2.60 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User Badge Link Substitution	stiofansisland	UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP	Medium	6.4	2026-04-09 03:25:58	Deep Dive
CVE-2025-14938	Listeo-Core - Directory Plugin by Purethemes <= 2.0.27 - Unauthenticated Arbitrary Media Upload	purethemes	Listeo-Core - Directory Plugin by Purethemes	Medium	5.3	2026-04-04 11:16:16	Deep Dive
CVE-2025-15064	Ultimate Member <= 2.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via DOM Gadgets	ultimatemember	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	Medium	6.4	2026-04-04 07:41:57	Deep Dive
CVE-2026-4248	Ultimate Member <= 2.11.2 - Authenticated (Contributor+) Sensitive Information Exposure to Account Takeover via Shortcode Template Tag	ultimatemember	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	High	8.0	2026-03-27 22:26:23	Deep Dive
CVE-2026-2580	WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters <= 4.9.1 - Unauthenticated SQL Injection via 'orderby' Parameter	flippercode	WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters	High	7.5	2026-03-22 23:24:32	Deep Dive
CVE-2026-3516	Contact List <= 3.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_cl_map_iframe' Parameter	anssilaitila	Contact List – Online Staff Directory & Address Book	Medium	6.4	2026-03-20 23:25:13	Deep Dive
CVE-2026-2233	User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' Parameter	wedevs	User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration	Medium	5.3	2026-03-15 02:19:15	Deep Dive
CVE-2019-25533	Netartmedia PHP Business Directory 4.2 SQL Injection via loginaction.php	Phpbusinessdirectory	Netartmedia PHP Business Directory	High	8.2	2026-03-12 15:37:04	Deep Dive
CVE-2026-3178	Name Directory <= 1.32.1 - Unauthenticated Stored Cross-Site Scripting via 'name_directory_name'	jeroenpeters1986	Name Directory	High	7.2	2026-03-11 11:09:11	Deep Dive
CVE-2026-3222	WP Maps <= 4.9.1 - Unauthenticated SQL Injection via 'location_id' Parameter	flippercode	WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters	High	7.5	2026-03-11 05:27:17	Deep Dive
CVE-2026-28127	WordPress Lawyer Directory plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability	e-plugins	Lawyer Directory	中危	-	2026-03-05 05:54:30	Deep Dive
CVE-2026-27396	WordPress Directory Pro plugin <= 2.5.6 - Broken Access Control vulnerability	e-plugins	Directory Pro	中危	-	2026-03-05 05:54:00	Deep Dive
CVE-2026-27386	WordPress DesignThemes Directory Addon plugin <= 1.8 - Broken Access Control vulnerability	designthemes	DesignThemes Directory Addon	High	7.5	2026-03-05 05:53:59	Deep Dive
CVE-2026-1565	User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Authenticated (Author+) Arbitrary File Upload	wedevs	User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration	High	8.8	2026-02-26 19:23:10	Deep Dive
CVE-2025-14905	389-ds-base: 389-ds-base: remote code execution and denial of service via heap buffer overflow	Red Hat	Red Hat Directory Server 11.5 E4S for RHEL 8	High	7.2	2026-02-23 15:41:48	Deep Dive

Goal Reached Thanks to every supporter — we hit 100%!

Vulnerability List