Vulnerability List
Found 1149 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
| --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2024-51615 | WordPress WordPress Auction Plugin plugin <= 3.7 - SQL Injection vulnerability | WP Marka | WordPress Auction Plugin | Critical | 9.3 | 2024-12-06 13:07:23 | Deep Dive |
| CVE-2024-11336 | Clickbank WordPress Plugin (Storefront) <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting | dactum | Clickbank WordPress Plugin (Storefront) | Medium | 6.1 | 2024-12-06 08:24:53 | Deep Dive |
| CVE-2024-11854 | Listdom – Business Directory and Classified Ads Listings WordPress Plugin <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Parameter | webilia | Listdom: AI-powered Business Directory with Classifieds Ads Listings | Medium | 6.4 | 2024-12-04 11:08:26 | Deep Dive |
| CVE-2024-5020 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | extendthemes | Colibri Page Builder | Medium | 6.4 | 2024-12-04 08:22:47 | Deep Dive |
| CVE-2024-11453 | WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | samdani | GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets | Medium | 6.4 | 2024-12-03 07:34:54 | Deep Dive |
| CVE-2024-8672 | Widget Options – The #1 WordPress Widget & Block Control Plugin <= 4.0.7 - Authenticated (Contributor+) Remote Code Execution | marketingfire | Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets | Critical | 9.9 | 2024-11-28 09:47:12 | Deep Dive |
| CVE-2024-11925 | WP JobSearch <= 2.6.7 - Authentication Bypass to Account Takeover and Privilege Escalation | eyecix | JobSearch WP Job Board | Critical | 9.8 | 2024-11-28 07:14:08 | Deep Dive |
| CVE-2024-9461 | Total Upkeep <= 1.16.6 - Authenticated (Administrator+) Remote Code Execution via Backup Settings | boldgrid | Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid | High | 7.2 | 2024-11-26 13:56:54 | Deep Dive |
| CVE-2024-11202 | Multiple Plugins <= (Various Versions) - Reflected Cross-Site Scripting via cminds_free_guide Shortcode | creativemindssolutions | CM Header and Footer – Add custom scripts and styles to your header and footer with ease | Medium | 6.1 | 2024-11-26 07:31:32 | Deep Dive |
| CVE-2024-11036 | GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 7.1.5 - Unauthenticated Arbitrary Shortcode Execution via gamipress_get_user_earnings | rubengc | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress | High | 7.3 | 2024-11-19 11:02:29 | Deep Dive |
| CVE-2024-10728 | PostX <= 4.1.16 - Missing Authorization to Arbitrary Plugin Installation/Activation | wpxpo | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX | High | 8.8 | 2024-11-16 04:29:15 | Deep Dive |
| CVE-2024-10260 | Tripetto <= 8.0.11 - Unauthenticated Stored Cross-Site Scripting via Form File Upload | tripetto | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | High | 7.2 | 2024-11-15 05:30:56 | Deep Dive |
| CVE-2024-52376 | WordPress Boat Rental Plugin for WordPress plugin <= 1.0.1 - Arbitrary File Upload vulnerability | cmsMinds | Boat Rental Plugin for WordPress | Critical | 10.0 | 2024-11-14 18:08:06 | Deep Dive |
| CVE-2024-10571 | Chartify – WordPress Chart Plugin <= 2.9.5 - Unauthenticated Local File Inclusion via source | ays-pro | Chartify – WordPress Chart Plugin | Critical | 9.8 | 2024-11-14 11:00:13 | Deep Dive |
| CVE-2024-10876 | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.3 - Reflected Cross-Site Scripting | smub | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | Medium | 6.1 | 2024-11-09 06:41:30 | Deep Dive |
| CVE-2024-10187 | myCred <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_link Shortcode | saadiqbal | Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred | Medium | 6.4 | 2024-11-08 09:29:34 | Deep Dive |
| CVE-2024-8323 | Pricing Tables WordPress Plugin – Easy Pricing Tables <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via fontFamily Attribute | fatcatapps | Pricing Table WordPress Plugin – Easy Pricing Tables | Medium | 6.4 | 2024-11-06 11:32:03 | Deep Dive |
| CVE-2024-8615 | WP JobSearch <= 2.6.7 - Unauthenticated Arbitrary File Upload | eyecix | JobSearch WP Job Board | Critical | 10.0 | 2024-11-06 08:29:58 | Deep Dive |
| CVE-2024-8614 | WP JobSearch <= 2.6.7 - Authenticated (Subscriber+) Arbitrary File Upload | eyecix | JobSearch WP Job Board | Critical | 9.9 | 2024-11-06 08:29:57 | Deep Dive |
| CVE-2024-10028 | Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.2.13 - Sensitive Information Disclosure via procstat Log | everestthemes | Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin | High | 7.5 | 2024-11-05 23:28:42 | Deep Dive |