| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4512 | WP reCaptcha by WebDesignBy < 2.0 – Admin+ Stored XSS | Unknown | reCaptcha by WebDesignBy | - | - | 2026-04-23 06:00:09 | Deep Dive |
| CVE-2026-4106 | HT Mega < 3.0.7 – Unauthenticated PII Disclosure | Unknown | HT Mega Addons for Elementor | - | - | 2026-04-23 06:00:06 | Deep Dive |
| CVE-2024-7083 | Email Encoder < 2.3.4 - Admin+ Stored XSS | Unknown | Email Encoder | - | - | 2026-04-20 06:00:07 | Deep Dive |
| CVE-2026-3830 | Product Filter for WooCommerce by WBW < 3.1.3 - Unauthenticated SQLi | Unknown | Product Filter for WooCommerce by WBW | 中危 | - | 2026-04-13 06:00:13 | Deep Dive |
| CVE-2025-15441 | Form Maker < 1.15.38 - SQL Injection | Unknown | Form Maker by 10Web | 中危 | - | 2026-04-13 06:00:11 | Deep Dive |
| CVE-2026-4432 | YITH WooCommerce Wishlist < 4.13.0 - Unauthenticated Arbitrary Wishlist Renaming via IDOR | Unknown | YITH WooCommerce Wishlist | 中危 | - | 2026-04-10 06:00:16 | Deep Dive |
| CVE-2025-14545 | YML for Yandex Market < 5.0.26 - Shop Manager+ RCE via Feed Generation | Unknown | YML for Yandex Market | 中危 | - | 2026-04-10 06:00:14 | Deep Dive |
| CVE-2026-4338 | ActivityPub Routing < 8.0.2 - Unauthenticated Drafts/Scheduled/Pending Posts Disclosure | Unknown | ActivityPub | - | - | 2026-04-08 06:00:08 | Deep Dive |
| CVE-2026-4079 | SQL Chart Builder < 2.3.8 - Unauthenticated SQL Injection | Unknown | SQL Chart Builder | - | - | 2026-04-07 06:00:12 | Deep Dive |
| CVE-2026-1900 | Link Whisper Free < 0.9.1 - Unauthenticated Settings and User Meta Update | Unknown | Link Whisper Free | - | - | 2026-04-07 06:00:11 | Deep Dive |
| CVE-2025-15611 | Popup Box AYS Pro < 5.5.0 - Admin+ Stored Cross-Site Scripting (XSS) via CSRF | Unknown | Popup Box | - | - | 2026-04-07 06:00:10 | Deep Dive |
| CVE-2026-1540 | Spam Protect for Contact Form 7 < 1.2.10 - Editor+ Remote Code Execution | Unknown | Spam Protect for Contact Form 7 | - | - | 2026-04-02 06:00:10 | Deep Dive |
| CVE-2026-2696 | Export All URLs < 5.1 - Unauthenticated Sensitive Data Exposure | Unknown | Export All URLs | - | - | 2026-04-01 06:00:08 | Deep Dive |
| CVE-2025-15484 | Order Notification for WooCommerce < 3.6.3 - Unauthenticated WooCommerce REST Permission Bypass | Unknown | Order Notification for WooCommerce | - | - | 2026-04-01 06:00:05 | Deep Dive |
| CVE-2026-3881 | Performance Monitor <= 1.0.6 - Unauthenticated Blind SSRF | Unknown | Performance Monitor | - | - | 2026-03-31 06:00:07 | Deep Dive |
| CVE-2025-15445 | Restaurant Cafeteria <= 0.4.6 - Subscriber+ Arbitrary Plugin Installation/Activation | Unknown | Restaurant Cafeteria | 中危 | - | 2026-03-28 06:00:07 | Deep Dive |
| CVE-2026-1890 | LeadConnector < 3.0.22 - Unauthenticated Rest Call | Unknown | LeadConnector | 中危 | - | 2026-03-26 06:00:10 | Deep Dive |
| CVE-2026-1430 | WP Lightbox 2 < 3.0.7 - Admin+ Stored XSS | Unknown | WP Lightbox 2 | 中危 | - | 2026-03-26 06:00:09 | Deep Dive |
| CVE-2025-15488 | Responsive Plus < 3.4.3 - Unauthenticated Arbitrary Shortcode Execution | Unknown | Responsive Plus | 中危 | - | 2026-03-26 06:00:09 | Deep Dive |
| CVE-2025-15433 | Shared Files < 1.7.58 - Contributor+ Arbitrary File Download | Unknown | Shared Files | 中危 | - | 2026-03-26 06:00:07 | Deep Dive |