Vulnerability List
Found 2564 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2025-67516 | WordPress Store Locator WordPress plugin <= 1.6.2 - SQL Injection vulnerability | Agile Logix | Store Locator WordPress | High | 8.5 | 2025-12-09 14:13:57 |
| CVE-2025-13857 | Yet Another WebClap for WordPress <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | ksakai | Yet Another WebClap for WordPress | Medium | 6.4 | 2025-12-06 05:49:34 |
| CVE-2025-12577 | Listar – Directory Listing & Classifieds WordPress Plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Listing Update | passionui | Listar – Directory Listing & Classifieds WordPress Plugin | Medium | 4.3 | 2025-12-06 05:49:31 |
| CVE-2025-12574 | Listar – Directory Listing & Classifieds WordPress Plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion | passionui | Listar – Directory Listing & Classifieds WordPress Plugin | Medium | 4.3 | 2025-12-06 05:49:25 |
| CVE-2025-12876 | Projectopia – WordPress Project Management <= 5.1.19 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion | projectopia | Projectopia – Project Management Tool | Medium | 5.3 | 2025-12-05 09:27:03 |
| CVE-2025-12124 | FitVids for WordPress <= 4.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting | kevindees | FitVids for WordPress | Medium | 4.4 | 2025-12-05 05:31:21 |
| CVE-2025-13006 | SurveyFunnel – Survey Plugin for WordPress <= 1.1.5 - Unauthenticated Information Exposure | wpeka-club | SurveyFunnel – Survey Plugin for WordPress | Medium | 5.3 | 2025-12-05 04:29:13 |
| CVE-2025-12417 | SurveyFunnel – Survey Plugin for WordPress <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | wpeka-club | SurveyFunnel – Survey Plugin for WordPress | Medium | 6.4 | 2025-12-05 04:29:11 |
| CVE-2025-10304 | Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.3.8 - Missing Authorization to Unauthenticated Backup Failure | everestthemes | Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin | Medium | 5.3 | 2025-12-03 03:27:15 |
| CVE-2025-12585 | MxChat – AI Chatbot for WordPress <= 2.5.5 - Unauthenticated Information Exposure | mxchat | MxChat – AI Chatbot & Content Generation for WordPress | Medium | 5.3 | 2025-12-03 03:27:15 |
| CVE-2025-13534 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.2 - Authenticated (Contributor+) Privilege Escalation via eh_crm_edit_agent AJAX Action | elextensions | ELEX WordPress HelpDesk & Customer Ticketing System | Medium | 6.3 | 2025-12-02 08:24:54 |
| CVE-2025-12483 | Visualizer: Tables and Charts Manager for WordPress <= 3.11.12 - Authenticated (Contributor+) SQL Injection | themeisle | Visualizer: Tables and Charts Manager for WordPress | Medium | 6.5 | 2025-12-02 06:40:26 |
| CVE-2025-13140 | SurveyJS: Drag & Drop WordPress Form Builder <= 1.12.20 - Cross-Site Request Forgery to Survey Deletion | devsoftbaltic | SurveyJS: Drag & Drop Form Builder | Medium | 4.3 | 2025-12-02 06:40:25 |
| CVE-2025-13697 | BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library <= 2.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via `timestamp` Attribute | wpblockart | BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library | Medium | 6.4 | 2025-12-02 01:51:57 |
| CVE-2025-13380 | AI Engine for WordPress: ChatGPT, GPT Content Generator <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read | liquidthemes | AI Engine for WordPress: ChatGPT, GPT Content Generator | Medium | 6.5 | 2025-11-25 07:28:25 |
| CVE-2025-12586 | Conditional Maintenance Mode for WordPress <= 1.0.0 - Cross-Site Request Forgery | evolurise | Conditionnal Maintenance Mode for WordPress | Medium | 4.3 | 2025-11-25 07:28:21 |
| CVE-2024-14015 | Studiocart <= 2.9.0 - Reflected XSS | Unknown | WordPress eCommerce Plugin | - | - | 2025-11-24 06:00:03 |
| CVE-2025-7402 | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.95 - Unauthenticated SQL Injection via site_id | scripteo | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager | High | 7.5 | 2025-11-24 04:36:41 |
| CVE-2025-10039 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.9 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'eh_crm_ticket_single_view_client' | elextensions | ELEX WordPress HelpDesk & Customer Ticketing System | Medium | 4.3 | 2025-11-21 12:28:10 |
| CVE-2025-10054 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Role Removal | elextensions | ELEX WordPress HelpDesk & Customer Ticketing System | Medium | 4.3 | 2025-11-21 12:28:08 |