Vulnerability List
Found 697 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-0894 | Content Blocks (Custom Post Widget) <= 3.3.9 - Authenticated (Author+) Stored Cross-Site Scripting via content_block Shortcode | vanderwijk | Content Blocks (Custom Post Widget) | Medium | 6.4 | 2026-04-18 09:26:52 | Deep Dive |
| CVE-2026-6443 | Essentialplugin Plugins (Various Versions) - Injected Backdoor | essentialplugin | Accordion and Accordion Slider | Critical | 9.8 | 2026-04-17 06:44:49 | Deep Dive |
| CVE-2026-0718 | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX <= 5.0.5 - Missing Authorization to Limited Post Meta Modification | wpxpo | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX | Medium | 5.3 | 2026-04-16 07:39:51 | Deep Dive |
| CVE-2026-5717 | VI: Include Post By <= 0.4.200706 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class_container' Shortcode Attribute | knighthawk | VI: Include Post By | Medium | 6.4 | 2026-04-15 07:45:29 | Deep Dive |
| CVE-2026-3017 | Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts <= 3.0.12 - Authenticated (Administrator+) PHP Object Injection | shapedplugin | Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts | High | 7.2 | 2026-04-14 05:30:33 | Deep Dive |
| CVE-2026-5711 | Post Blocks & Tools <= 1.3.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'sliderStyle' Block Attribute | pubudu-malalasekara | Post Blocks & Tools | Medium | 6.4 | 2026-04-08 21:25:27 | Deep Dive |
| CVE-2026-39482 | WordPress Post Expirator plugin <= 4.9.4 - Cross Site Scripting (XSS) vulnerability | PublishPress | Post Expirator | - | - | 2026-04-08 08:30:10 | Deep Dive |
| CVE-2026-4330 | Blog2Social: Social Media Auto Post & Scheduler <= 8.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter | pr-gateway | Blog2Social: Social Media Auto Post & Scheduler | Medium | 4.3 | 2026-04-08 07:43:03 | Deep Dive |
| CVE-2026-1877 | Auto Post Scheduler <= 1.84 - Cross-Site Request Forgery to Stored Cross-Site Scripting via aps_options_page | johnh10 | Auto Post Scheduler | Medium | 6.1 | 2026-03-31 05:28:53 | Deep Dive |
| CVE-2026-4331 | Blog2Social: Social Media Auto Post & Scheduler <= 8.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Deletion via 'b2s_reset_social_meta_tags' AJAX Action | pr-gateway | Blog2Social: Social Media Auto Post & Scheduler | Medium | 4.3 | 2026-03-26 03:37:28 | Deep Dive |
| CVE-2026-32537 | WordPress Visual Portfolio, Photo Gallery & Post Grid plugin <= 3.5.1 - Local File Inclusion vulnerability | nK | Visual Portfolio, Photo Gallery & Post Grid | Medium | - | 2026-03-25 16:15:11 | Deep Dive |
| CVE-2026-25001 | WordPress Post Snippets plugin <= 4.0.12 - Remote Code Execution (RCE) vulnerability | Saad Iqbal | Post Snippets | High | 8.5 | 2026-03-25 16:14:37 | Deep Dive |
| CVE-2026-24362 | WordPress Ultimate Post Kit plugin <= 4.0.21 - Broken Access Control vulnerability | bdthemes | Ultimate Post Kit | Medium | 6.4 | 2026-03-25 16:14:31 | Deep Dive |
| CVE-2026-2723 | Post Snippits <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update | phy9pas | Post Snippits | Medium | 6.1 | 2026-03-21 03:27:10 | Deep Dive |
| CVE-2026-3554 | Sherk Custom Post Type Displays <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute | sherkspear | Sherk Custom Post Type Displays | Medium | 6.4 | 2026-03-21 03:27:06 | Deep Dive |
| CVE-2026-1275 | Multi Post Carousel by Category <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'slides' Shortcode Attribute | gbsdeveloper | Multi Post Carousel by Category | Medium | 6.4 | 2026-03-21 03:27:00 | Deep Dive |
| CVE-2026-1899 | Any Post Slider <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_type' Shortcode Attribute | itpathsolutions | Any Post Slider | Medium | 6.4 | 2026-03-21 03:26:47 | Deep Dive |
| CVE-2026-2290 | Post Affiliate Pro <= 1.28.0 - Authenticated (Administrator+) Server-Side Request Forgery via 'Post Affiliate Pro URL' Field | jurajsim | Post Affiliate Pro | Low | 3.8 | 2026-03-21 03:26:40 | Deep Dive |
| CVE-2026-1854 | Post Flagger <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'slug' Shortcode Attribute | nosoycesaros | Post Flagger | Medium | 6.4 | 2026-03-21 03:26:36 | Deep Dive |
| CVE-2026-3090 | Post SMTP <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting via 'event_type' | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | High | 7.2 | 2026-03-18 15:28:29 | Deep Dive |