Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 1149 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2024-49300 WordPress Hero Menu plugin <= 1.16.5 - Reflected Cross Site Scripting (XSS) vulnerability NotFoundHero Mega Menu - Responsive WordPress Menu Plugin High 7.1 2025-01-21 13:40:32 Deep Dive
CVE-2024-10799 Eventer <= 3.9.7 - Authenticated (Subscriber+) Arbitrary File Read imithemesEventer - WordPress Event & Booking Manager Plugin Medium 6.5 2025-01-17 05:29:28 Deep Dive
CVE-2024-13333 Advanced File Manager 5.2.12 - 5.2.13 - Authenticated (Subscriber+) Arbitrary File Upload saadiqbalAdvanced File Manager — Ultimate WordPress File Manager and Document Library Plugin High 7.5 2025-01-17 05:29:27 Deep Dive
CVE-2025-23842 WordPress WordPress Gallery Plugin plugin <= 1.4 - CSRF to Stored XSS vulnerability Nilesh ShiragaveWordPress Gallery Plugin High 7.1 2025-01-16 20:07:22 Deep Dive
CVE-2025-23435 WordPress Password Protect Plugin for WordPress plugin <= 0.8.1.0 - CSRF to Stored XSS vulnerability marcucciPassword Protect Plugin for WordPress High 7.1 2025-01-16 20:06:07 Deep Dive
CVE-2025-22762 WordPress Octrace Support Pro plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability OctraceWordPress HelpDesk & Support Ticket System Plugin – Octrace Support Medium 5.9 2025-01-15 15:23:24 Deep Dive
CVE-2024-12412 Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin <= 2.2.1 - Reflected Cross-Site Scripting magepeopleteamBooking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment Medium 6.1 2025-01-11 07:21:53 Deep Dive
CVE-2024-12473 AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.5 - Authenticated (Contributor+) SQL Injection opacewebdesignOpace AI Scribe: SEO Content Creator & Humaizer for OpenAI & Anthropic Medium 6.5 2025-01-10 03:21:30 Deep Dive
CVE-2024-12606 AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update opacewebdesignOpace AI Scribe: SEO Content Creator & Humaizer for OpenAI & Anthropic Medium 4.3 2025-01-10 03:21:30 Deep Dive
CVE-2025-22295 WordPress Tripetto plugin <= 8.0.6 - Cross Site Scripting (XSS) vulnerability TripettoWordPress form builder plugin for contact forms, surveys and quizzes – Tripetto 中危 -2025-01-09 15:39:33 Deep Dive
CVE-2024-12616 Bitly's WordPress Plugin <= 2.7.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update bitlydeveloperBitly's WordPress Plugin Medium 4.3 2025-01-09 11:11:03 Deep Dive
CVE-2024-11929 Responsive FlipBook Plugin Wordpress <= 2.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting mpcResponsive FlipBook Plugin Wordpress Medium 6.4 2025-01-09 11:10:58 Deep Dive
CVE-2024-12605 AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.5 - Cross-Site Request Forgery to Settings Update opacewebdesignOpace AI Scribe: SEO Content Creator & Humaizer for OpenAI & Anthropic Medium 4.3 2025-01-09 11:10:58 Deep Dive
CVE-2024-12206 Wordpress Header Builder Plugin <= 1.3.8 - Cross-Site Request Forgery to Header Deletion stylemixPearl – Header Builder Medium 4.3 2025-01-09 11:10:57 Deep Dive
CVE-2024-11270 WordPress Webinar Plugin – WebinarPress <= 1.33.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Creation wpwebinarsystemWebinarPress – Webinar System for WordPress High 8.8 2025-01-08 04:18:00 Deep Dive
CVE-2024-11271 WordPress Webinar Plugin – WebinarPress <= 1.33.24 - Missing Authorization to Authenticated (Subscriber+) Webinar Updates wpwebinarsystemWebinarPress – Webinar System for WordPress High 8.8 2025-01-08 04:17:59 Deep Dive
CVE-2024-12112 Easy Form Builder <= 3.8.8 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting hassantafreshiEasy Form Builder by WhiteStudio — Drag & Drop Form Builder Medium 6.4 2025-01-08 03:18:11 Deep Dive
CVE-2025-22349 WordPress WordPress Auction Plugin plugin <= 3.7 - SQL Injection vulnerability WP MarkaWordPress Auction Plugin High 7.6 2025-01-07 10:48:41 Deep Dive
CVE-2024-8857 WordPress Auction <= 3.7 - Editor+ Stored XSS UnknownWordPress Auction Plugin 中危 -2025-01-07 06:00:06 Deep Dive
CVE-2024-8855 WordPress Auction <= 3.7 - Editor+ SQL Injection UnknownWordPress Auction Plugin 中危 -2025-01-07 06:00:05 Deep Dive