Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 697 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2024-13835 Post Meta Data Manager <= 1.4.4 - Authentciated (Admin+) Multisite Privilege Escalation gandhihitesh9Post Meta Data Manager High 7.2 2025-03-08 02:24:04 Deep Dive
CVE-2025-1504 Post Lockdown <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Post Disclosure andyexeterPost Lockdown Medium 4.3 2025-03-08 02:24:04 Deep Dive
CVE-2025-23956 WordPress WP Easy Post Mailer Plugin <= 0.64 - Reflected Cross Site Scripting (XSS) vulnerability Richard LeishmanWP Easy Post Mailer High 7.1 2025-03-03 13:30:21 Deep Dive
CVE-2025-23586 WordPress WP Post Category Notifications plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability MAL73049WP Post Category Notifications High 7.1 2025-03-03 13:30:14 Deep Dive
CVE-2025-23517 WordPress Google Map on Post/Page plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability sunil chaulagainGoogle Map on Post/Page High 7.1 2025-03-03 13:30:09 Deep Dive
CVE-2024-13796 Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.6 - Unauthenticated User Information Exposure pickpluginsPost Grid Medium 5.3 2025-02-28 04:21:56 Deep Dive
CVE-2024-13634 Post Sync <= 1.1 - Reflected XSS UnknownPost Sync 中危 -2025-02-26 06:00:11 Deep Dive
CVE-2024-13571 Post Timeline < 2.3.10 - Reflected XSS UnknownPost Timeline 高危 -2025-02-26 06:00:08 Deep Dive
CVE-2024-12038 Frontend Content Forms for User Submissions (UGC) <= 2.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode themekraftPost Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) Medium 6.4 2025-02-22 04:21:17 Deep Dive
CVE-2024-13798 Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.5 - Unauthenticated Paid Order Creation pickpluginsPost Grid Medium 5.3 2025-02-22 04:21:16 Deep Dive
CVE-2025-1510 Custom Post Type Date Archives <= 2.7.1 - Missing Authorization to Unauthenticated Arbitrary Shortcode Execution keesiemeijerCustom Post Type Date Archives High 7.3 2025-02-22 03:21:00 Deep Dive
CVE-2024-13900 Head, Footer and Post Injections <= 3.3.0 - Authenticated (Administrator+) PHP Code Injection in Multisite Environments satolloHead, Footer and Post Injections Medium 4.1 2025-02-21 11:09:33 Deep Dive
CVE-2024-6432 Content Blocks (Custom Post Widget) <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter vanderwijkContent Blocks (Custom Post Widget) Medium 6.4 2025-02-20 09:21:37 Deep Dive
CVE-2025-0521 Post SMTP <= 3.0.2 - Unauthenticated Stored Cross-Site Scripting saadiqbalPost SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App High 7.2 2025-02-18 11:10:19 Deep Dive
CVE-2025-24614 WordPress Post Timeline Plugin <= 2.3.9 - Reflected Cross Site Scripting (XSS) vulnerability Agile LogixPost Timeline High 7.1 2025-02-14 12:44:35 Deep Dive
CVE-2025-23771 WordPress Push Notification for Post and BuddyPress plugin <= 2.11 - Settings Change vulnerability MuraliPush Notification for Post and BuddyPress Medium 6.5 2025-02-14 12:44:32 Deep Dive
CVE-2025-23652 WordPress Add custom content after post plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability Fabio ZuanonAdd custom content after post High 7.1 2025-02-14 12:44:31 Deep Dive
CVE-2025-26580 WordPress Page/Post Specific Social Share Buttons plugin <= 2.1 - CSRF to Stored XSS vulnerability Complete SEOPage/Post Specific Social Share Buttons High 7.1 2025-02-13 13:53:07 Deep Dive
CVE-2025-26569 WordPress Post Thumbs Plugin <= 1.5 - CSRF to Stored XSS vulnerability callmeforsoxPost Thumbs High 7.1 2025-02-13 13:53:03 Deep Dive
CVE-2025-25139 WordPress WP Custom Post RSS Feed plugin <= 1.0.0 - CSRF to Stored XSS vulnerability Cynob IT ConsultancyWP Custom Post RSS Feed High 7.1 2025-02-07 10:11:50 Deep Dive