Associated Vulnerability
Found 2564 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
| --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-5488 | ExactMetrics <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval via AJAX Action 'exactmetrics_ads_get_token' | smub | ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | Medium | 5.3 | 2026-04-24 03:27:06 | Deep Dive |
| CVE-2026-5464 | ExactMetrics <= 9.1.2 - Authenticated (Editor+) Arbitrary Plugin Installation/Activation via exactmetrics_connect_process | smub | ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | High | 7.2 | 2026-04-23 08:28:26 | Deep Dive |
| CVE-2026-6235 | Sendmachine for WordPress <= 1.0.20 - Unauthenticated SMTP Hijack to Privilege Escalation via manage_admin_requests | sendmachine | Sendmachine for WordPress | Critical | 9.8 | 2026-04-22 07:45:38 | Deep Dive |
| CVE-2026-5721 | wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 6.5.0.4 - Unauthenticated Stored Cross-Site Scripting via CSV/Excel Data Import | wpdatatables | wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin | Medium | 4.7 | 2026-04-20 22:25:27 | Deep Dive |
| CVE-2026-1559 | Youzify <= 1.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'checkin_place_id' Parameter | youzify | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 6.4 | 2026-04-18 01:26:05 | Deep Dive |
| CVE-2026-4817 | MasterStudy LMS <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Medium | 6.5 | 2026-04-17 01:24:37 | Deep Dive |
| CVE-2026-3614 | AcyMailing 9.11.0 - 10.8.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation | acyba | AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress | High | 8.8 | 2026-04-16 05:29:54 | Deep Dive |
| CVE-2026-3643 | Accessibly <= 3.0.3 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Widget Source Injection via REST API | onthemapmarketing | Accessibly – WordPress Website Accessibility | High | 7.2 | 2026-04-15 08:28:18 | Deep Dive |
| CVE-2026-6227 | BackWPup <= 5.6.6 - Authenticated (Administrator+) Local File Inclusion via 'block_name' Parameter | wp_media | BackWPup – WordPress Backup & Restore Plugin | High | 7.2 | 2026-04-14 02:25:48 | Deep Dive |
| CVE-2026-4365 | LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Critical | 9.1 | 2026-04-14 01:25:00 | Deep Dive |
| CVE-2026-3498 | BlockArt Blocks <= 2.2.15 - Authenticated (Author+) Stored Cross-Site Scripting via 'clientId' Block Attribute | wpblockart | BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library | Medium | 6.4 | 2026-04-11 01:24:59 | Deep Dive |
| CVE-2026-4305 | Royal WordPress Backup & Restore Plugin <= 1.0.16 - Reflected Cross-Site Scripting via 'wpr_pending_template' Parameter | wproyal | Royal WordPress Backup, Restore & Migration Plugin – Backup WordPress Sites Safely | Medium | 6.1 | 2026-04-10 01:25:01 | Deep Dive |
| CVE-2026-34424 | Smart Slider 3 Pro 3.5.1.35 Supply Chain Attack Remote Access Toolkit | Nextendweb | Smart Slider 3 Pro for WordPress | Critical | 9.8 | 2026-04-09 22:59:38 | Deep Dive |
| CVE-2023-54359 | WordPress adivaha Travel Plugin 2.3 SQL Injection via pid | Adivaha | WordPress adivaha Travel Plugin | High | 8.2 | 2026-04-09 20:54:49 | Deep Dive |
| CVE-2023-54358 | WordPress adivaha Travel Plugin 2.3 Reflected XSS via isMobile | Adivaha | WordPress adivaha Travel Plugin | Medium | 6.1 | 2026-04-09 20:54:49 | Deep Dive |
| CVE-2026-39614 | WordPress JW Player for WordPress plugin <= 2.3.6 - Broken Access Control vulnerability | ilGhera | JW Player for WordPress | - | - | 2026-04-08 08:30:24 | Deep Dive |
| CVE-2026-39466 | WordPress Broken Link Checker plugin <= 2.4.7 - SQL Injection vulnerability | WPMU DEV - Your All-in-One WordPress Platform | Broken Link Checker | - | - | 2026-04-08 08:30:07 | Deep Dive |
| CVE-2026-4654 | Awesome Support <= 6.3.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Unauthorized Ticket Reply Access via 'ticket_id' Parameter | awesomesupport | Awesome Support – WordPress HelpDesk & Support Plugin | Medium | 5.3 | 2026-04-08 07:43:03 | Deep Dive |
| CVE-2026-3513 | TableOn – WordPress Posts Table Filterable <= 1.0.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute | realmag777 | TableOn – WordPress Posts Table Filterable | Medium | 6.4 | 2026-04-08 03:36:09 | Deep Dive |
| CVE-2026-4333 | LearnPress <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'skin' Shortcode Attribute | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 6.4 | 2026-04-08 03:36:08 | Deep Dive |