Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 2564 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2025-10701 Time Clock – A WordPress Employee & Volunteer Time Clock Plugin <= 1.3.1 - Authenticated (Custom+) Stored Cross-Site Scripting scottpatersonTime Clock – A WordPress Employee & Volunteer Time Clock Plugin Medium 6.4 2025-10-24 08:23:58 Deep Dive
CVE-2025-10740 URL Shortener Plugin For WordPress <= 3.0.7 - Missing Authorization to Authenticated (Subscriber+) Link Manipulation rupok98URL Shortener Plugin For WordPress Medium 6.3 2025-10-24 08:23:57 Deep Dive
CVE-2025-10705 MxChat – AI Chatbot for WordPress <= 2.4.6 - Unauthenticated Blind Server-Side Request Forgery mxchatMxChat – AI Chatbot & Content Generation for WordPress Medium 5.3 2025-10-23 12:32:33 Deep Dive
CVE-2025-62048 WordPress SmartCrawl plugin <= 3.14.3 - Broken Access Control vulnerability WPMU DEV - Your All-in-One WordPress PlatformSmartCrawl Medium 5.4 2025-10-22 14:32:52 Deep Dive
CVE-2025-53422 WordPress WhatsApp Chat for WordPress and WooCommerce plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability ThemeWarriorsWhatsApp Chat for WordPress and WooCommerce--2025-10-22 14:32:33 Deep Dive
CVE-2025-49960 WordPress LeadBI Plugin for WordPress plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability leadbiLeadBI Plugin for WordPress--2025-10-22 14:32:21 Deep Dive
CVE-2025-49953 WordPress ShareBang, Ultimate Social Share Buttons for WordPress Plugin <= 1.4 - Cross Site Scripting (XSS) Vulnerability themeinityShareBang, Ultimate Social Share Buttons for WordPress--2025-10-22 14:32:20 Deep Dive
CVE-2025-10047 Email Tracker <= 5.3.15 - Authenticated (Admin+) SQL Injection pmbaldhaEmail Tracker Medium 4.9 2025-10-22 08:27:12 Deep Dive
CVE-2025-11372 LearnPress – WordPress LMS Plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation thimpressLearnPress – WordPress LMS Plugin for Create and Sell Online Courses Medium 6.5 2025-10-18 06:42:49 Deep Dive
CVE-2025-11510 FileBird <= 6.4.9 - Improper Authorization to Authenticated (Author+) Settings Reset ninjateamFileBird – WordPress Media Library Folders & File Manager Medium 4.3 2025-10-18 06:42:47 Deep Dive
CVE-2025-10187 GSpeech TTS – WordPress Text To Speech Plugin <= 3.17.13 - Authenticated (Admin+) SQL injection creative-solutions-1GSpeech TTS – WordPress Text To Speech Plugin Medium 4.9 2025-10-18 06:42:45 Deep Dive
CVE-2025-10706 Classified Pro <= 1.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation Cridio StudioClassifiedPro - reCommerce WordPress Theme High 8.8 2025-10-16 06:47:29 Deep Dive
CVE-2025-10313 Find And Replace content for WordPress <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting jankimoradiyaFind And Replace content for WordPress High 7.2 2025-10-15 08:26:03 Deep Dive
CVE-2025-6042 Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme <= 1.4.0 - Unauthenticated Privilege Escalation to Editor pebasLisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme High 7.3 2025-10-15 05:23:49 Deep Dive
CVE-2011-10033 WordPress Plugin is-human <= v1.4.2 Eval Injection RCE is-human WordPress Pluginis-human WordPress Plugin--2025-10-15 01:23:47 Deep Dive
CVE-2025-10129 WordPress Live Webcam Widget & Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting mikscoWordPress Live Webcam Widget & Shortcode Medium 6.4 2025-10-11 09:28:42 Deep Dive
CVE-2025-10185 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.6 - Authenticated (Admin+) SQL Injection webawaysNEX-Forms – Ultimate Forms Plugin for WordPress Medium 4.9 2025-10-11 07:25:58 Deep Dive
CVE-2025-11380 Everest Backup <= 2.3.5 - Missing Authorization to Unauthenticated Information Exposure everestthemesEverest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin Medium 5.9 2025-10-11 02:24:52 Deep Dive
CVE-2025-11522 Search & Go - Directory WordPress Theme <= 2.7 - Authentication Bypass to Privilege Escalation via Account Takeover Elated-ThemesSearch & Go - Directory WordPress Theme Critical 9.8 2025-10-09 07:23:52 Deep Dive
CVE-2025-6038 Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme <= 1.4.0 - Authenticated (Subscriber+) Privilege Escalation pebasLisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme High 8.8 2025-10-09 03:23:30 Deep Dive