Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 2564 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2025-11171 Chartify – WordPress Chart Plugin <= 3.5.9 - Missing Authentication for Administrative Function ays-proChartify – WordPress Chart Plugin Medium 5.3 2025-10-08 05:24:49 Deep Dive
CVE-2025-9858 Auto Bulb Finder for WordPress <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting mtoolstecAuto Bulb Finder for WordPress Medium 6.4 2025-10-03 11:17:20 Deep Dive
CVE-2025-9946 LockerPress – WordPress Security Plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting lockerpressLockerPress – WordPress Security Plugin Medium 6.1 2025-09-30 03:35:33 Deep Dive
CVE-2025-8623 WeedMaps Menu for WordPress <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via weedmaps_menu Shortcode bmoredrewWeedMaps Menu for WordPress Medium 6.4 2025-09-30 03:35:29 Deep Dive
CVE-2025-9993 Bei Fen – WordPress Backup Plugin <= 1.4.2 - Authenticated (Subscriber+) Local File Inclusion d3rd4v1dBei Fen – WordPress Backup Plugin High 8.1 2025-09-30 03:35:27 Deep Dive
CVE-2025-60156 WordPress AR For WordPress plugin <= 8.36 - Cross Site Request Forgery (CSRF) vulnerability webandprintAR For WordPress Critical 9.6 2025-09-26 08:31:56 Deep Dive
CVE-2025-58674 WordPress core <= 6.8.2 - (Author+) Cross Site Scripting (XSS) Vulnerability WordPressWordPress Medium 5.9 2025-09-23 18:47:03 Deep Dive
CVE-2025-58246 WordPress <= 6.8.2 - (Contributor+) Sensitive Data Exposure Vulnerability WordPressWordPress Medium 4.3 2025-09-23 17:17:12 Deep Dive
CVE-2025-57977 WordPress Flexible PDF Invoices for WooCommerce & WordPress Plugin <= 6.0.13 - Cross Site Request Forgery (CSRF) Vulnerability wpdeskFlexible PDF Invoices for WooCommerce &amp; WordPress High 7.1 2025-09-22 18:24:33 Deep Dive
CVE-2025-57989 WordPress WordPress Widgets Shortcode Plugin <= 1.0.3 - Cross Site Scripting (XSS) Vulnerability Brajesh SinghWordPress Widgets Shortcode Medium 6.5 2025-09-22 18:24:24 Deep Dive
CVE-2025-58020 WordPress Theater for WordPress plugin <= 0.18.8 - Cross Site Scripting (XSS) vulnerability Jeroen SchmitTheater for WordPress Medium 6.5 2025-09-22 18:24:01 Deep Dive
CVE-2025-58665 WordPress Form Generator for WordPress Plugin <= 1.52 - Cross Site Scripting (XSS) Vulnerability tmontg1Form Generator for WordPress Medium 5.9 2025-09-22 18:22:58 Deep Dive
CVE-2025-58669 WordPress Magento 2 WordPress Integration plugin <= 1.4.2.1 - Cross Site Scripting (XSS) vulnerability Modern MindsMagento 2 WordPress Integration Medium 5.9 2025-09-22 18:22:56 Deep Dive
CVE-2025-10690 Goza - Nonprofit Charity WordPress Theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation BearsthemesGoza - Nonprofit Charity WordPress Theme Critical 9.8 2025-09-19 02:27:01 Deep Dive
CVE-2025-8565 Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.4.3 - Missing Authorization to Authenticated (Contributor+) Arbitrary Plugin Installation wplegalpagesPrivacy Policy Generator – WPLP Legal Pages High 8.1 2025-09-18 09:31:29 Deep Dive
CVE-2025-5305 Password Reset with Code < 0.0.17 - Insecure Password Reset Code Creation UnknownPassword Reset with Code for WordPress REST API--2025-09-18 06:00:04 Deep Dive
CVE-2025-9216 StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Upload kodezenStoreEngine — Complete eCommerce Solution with Memberships, Licensing, Affiliates & More High 8.8 2025-09-17 06:17:49 Deep Dive
CVE-2025-9215 StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Download kodezenStoreEngine — Complete eCommerce Solution with Memberships, Licensing, Affiliates & More Medium 6.5 2025-09-17 06:17:48 Deep Dive
CVE-2025-10058 WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Authenticated (Subscriber+) Arbitrary File Deletion smackcodersWP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress High 8.1 2025-09-17 05:18:45 Deep Dive
CVE-2025-10057 WP Import – Ultimate CSV XML Importer for WordPress 7.20 - 7.28 - Authenticated (Subscriber+) Remote Code Execution via Code Injection smackcodersWP Import – Ultimate CSV XML Importer for WordPress High 8.8 2025-09-17 05:18:45 Deep Dive