Vulnerability List
Found 2564 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2025-9776 | CatFolders – Tame Your WordPress Media Library by Category <= 2.5.2 - Authenticated (Author+) SQL Injection via CSV Import | catfolders | CatFolders – WordPress Media Library Folders & Categories | Medium | 6.5 | 2025-09-11 04:26:21 |
| CVE-2025-7718 | Resideo Plugin for Resideo - Real Estate WordPress Theme <= 2.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Privilege Escalation via Account Takeover | pixel_prime | Resideo Plugin for Resideo - Real Estate WordPress Theme | High | 8.8 | 2025-09-10 12:25:30 |
| CVE-2025-10001 | Import any XML, CSV or Excel File to WordPress <= 3.9.3 - Authenticated (Admin+) Limited Unsafe File Upload | wpallimport | WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets | High | 7.2 | 2025-09-10 06:38:50 |
| CVE-2025-10040 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Missing Authorization to Authenticated (Subscriber+) FTP/SFTP Credential Exposure | smackcoders | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | High | 7.7 | 2025-09-10 06:38:49 |
| CVE-2025-7049 | WPGYM - Wordpress Gym Management System <= 67.7.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover | dasinfomedia | WPGYM - Wordpress Gym Management System | High | 8.8 | 2025-09-10 06:38:46 |
| CVE-2025-58978 | WordPress PDF Generator for WordPress Plugin <= 1.5.4 - Broken Access Control Vulnerability | WP Swings | PDF Generator for WordPress | Medium | 5.3 | 2025-09-09 16:33:18 |
| CVE-2025-48101 | WordPress Constant Contact for WordPress Plugin <= 4.1.1 - PHP Object Injection Vulnerability | webdevstudios | Constant Contact for WordPress | High | 8.8 | 2025-09-09 16:26:04 |
| CVE-2025-10134 | Goza - Nonprofit Charity WordPress Theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Deletion | Bearsthemes | Goza - Nonprofit Charity WordPress Theme | Critical | 9.1 | 2025-09-09 08:22:37 |
| CVE-2025-9539 | AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress <= 5.3.6 - Missing Authorization To Authenticated (Subscriber+) Remote Code Execution via Automation Creation | rubengc | AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress | High | 8.0 | 2025-09-09 06:40:36 |
| CVE-2025-9542 | AutomatorWP <= 5.3.7 - Authenticated (Subscriber+) Missing Authorization to Multiple Functions | rubengc | AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress | Medium | 5.4 | 2025-09-09 06:40:35 |
| CVE-2025-9111 | WPBOT < 7.1.0 - Admin+ Stored XSS | Unknown | AI ChatBot for WordPress | - | - | 2025-09-09 06:00:09 |
| CVE-2025-7368 | Rehub <= 19.9.7 - Unauthenticated Password Protected Post Disclosure | sizam | REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme | Medium | 5.3 | 2025-09-06 01:45:18 |
| CVE-2025-7366 | Rehub <= 19.9.7 - Unauthenticated Arbitrary Shortcode Execution via re_filterpost | sizam | REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme | High | 7.3 | 2025-09-06 01:45:17 |
| CVE-2025-53307 | WordPress Assistant Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability | Beaver Builder | WordPress Assistant | High | 7.1 | 2025-09-05 16:15:40 |
| CVE-2025-58862 | WordPress WordPress Events Calendar Plugin – connectDaily Plugin <= 1.5.5 - Cross Site Scripting (XSS) Vulnerability | George Sexton | WordPress Events Calendar Plugin – connectDaily | Medium | 6.5 | 2025-09-05 13:45:41 |
| CVE-2025-58855 | WordPress AP HoneyPot WordPress Plugin Plugin <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability | Denis V (Artprima) | AP HoneyPot WordPress Plugin | High | 7.1 | 2025-09-05 13:45:37 |
| CVE-2025-58850 | WordPress Showpass WordPress Extension Plugin <= 4.0.3 - Cross Site Scripting (XSS) Vulnerability | marcshowpass | Showpass WordPress Extension | Medium | 6.5 | 2025-09-05 13:45:35 |
| CVE-2025-58846 | WordPress WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule Plugin <= 2020.1.0 - Cross Site Request Forgery (CSRF) Vulnerability | Dejan Markovic | WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule | High | 7.1 | 2025-09-05 13:45:33 |
| CVE-2025-58806 | WordPress WordPress Error Monitoring by Bugsnag Plugin <= 1.6.3 - Cross Site Request Forgery (CSRF) Vulnerability | Tom Longridge | WordPress Error Monitoring by Bugsnag | High | 7.1 | 2025-09-05 13:45:10 |
| CVE-2025-9990 | WordPress Helpdesk Integration <= 5.8.10 - Unauthenticated Local File Inclusion | smackcoders | WordPress Helpdesk Integration | High | 8.1 | 2025-09-05 02:25:02 |