Vulnerability List
Found 1149 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-9069 | Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | besnikac | Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) | Medium | 6.4 | 2024-09-25 02:05:07 | Deep Dive |
| CVE-2024-8437 | WP Easy Gallery – WordPress Gallery Plugin <= 4.8.5 - Missing Authorization to Authenticated (Subscriber+) Gallery Manipulation | hahncgdev | WP Easy Gallery – WordPress Gallery Plugin | Medium | 4.3 | 2024-09-24 07:30:46 | Deep Dive |
| CVE-2024-8436 | WP Easy Gallery – WordPress Gallery Plugin <= 4.8.5 - Authenticated (Subscriber+) SQL Injection | hahncgdev | WP Easy Gallery – WordPress Gallery Plugin | Critical | 9.9 | 2024-09-24 07:30:46 | Deep Dive |
| CVE-2024-8791 | Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress <= 1.8.1.14 - Insecure Direct Object Reference to Account Takeover and Privilege Escalation | smub | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | Critical | 9.8 | 2024-09-24 02:31:01 | Deep Dive |
| CVE-2024-8714 | WordPress Affiliates Plugin — SliceWP Affiliates <= 1.1.20 - Reflected Cross-Site Scripting | iovamihai | Affiliate Program Suite — SliceWP Affiliates | Medium | 6.1 | 2024-09-13 15:10:38 | Deep Dive |
| CVE-2024-8522 | LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields' | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Critical | 10.0 | 2024-09-12 08:30:47 | Deep Dive |
| CVE-2024-8529 | LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields' | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Critical | 10.0 | 2024-09-12 08:30:46 | Deep Dive |
| CVE-2024-7862 | Blog Introduction <= 0.3.0 - Settings Update via CSRF | Unknown | blogintroduction-wordpress-plugin | - | - | 2024-09-12 06:00:07 | Deep Dive |
| CVE-2024-3899 | Envira Gallery < 1.8.15 - Author+ Stored XSS | Unknown | Gallery Plugin for WordPress | - | - | 2024-09-11 06:00:02 | Deep Dive |
| CVE-2024-7112 | Pinpoint Booking System <= 2.9.9.5.0 - Authenticated (Subscriber+) SQL Injection | dotonpaper | Pinpoint Booking System – Version 2 | High | 8.8 | 2024-09-07 11:17:04 | Deep Dive |
| CVE-2024-6849 | Preloader Plus – WordPress Loading Screen Plugin <= 2.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | maxsdesign | Preloader Plus – WordPress Loading Screen Plugin | Medium | 6.4 | 2024-09-07 08:37:03 | Deep Dive |
| CVE-2024-8427 | Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update | wpshuffle | Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin | Medium | 4.3 | 2024-09-06 06:50:55 | Deep Dive |
| CVE-2024-6835 | Ivory Search – WordPress Search Plugin <= 5.5.6 - Information Exposure via AJAX Search Form | vinod-dalvi | Ivory Search – WordPress Search Plugin | Medium | 5.3 | 2024-09-05 06:41:39 | Deep Dive |
| CVE-2024-8319 | Tourfic <= 2.11.20 - Cross-Site Request Forgery in Multiple Functions | themefic | Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin | Medium | 4.3 | 2024-08-30 07:33:10 | Deep Dive |
| CVE-2024-43935 | WordPress WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin <= 1.6.7 - Cross Site Scripting (XSS) vulnerability | WP Delicious | Delicious Recipes – WordPress Recipe Plugin | Medium | 6.5 | 2024-08-29 18:08:32 | Deep Dive |
| CVE-2024-6499 | WordPress Button Plugin MaxButtons <= 9.7.8 - Full Path Disclosure | maxfoundry | MaxButtons – Create buttons | Medium | 5.3 | 2024-08-24 03:29:24 | Deep Dive |
| CVE-2024-7848 | User Private Files <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private File Access | deepakkite | File Sharing & Download Manager – User Private Files | Medium | 4.3 | 2024-08-22 10:58:41 | Deep Dive |
| CVE-2024-7384 | AcyMailing <= 9.7.2 - Authenticated (Subscriber+) Arbitrary File Upload via acym_extractArchive Function | acyba | AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress | High | 7.5 | 2024-08-22 02:02:02 | Deep Dive |
| CVE-2023-5505 | BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal | wp_media | BackWPup – WordPress Backup & Restore Plugin | Medium | 6.8 | 2024-08-17 08:37:24 | Deep Dive |
| CVE-2024-43125 | WordPress WP Table Builder plugin <= 1.4.15 - Cross Site Scripting (XSS) vulnerability | WP Table Builder | WP Table Builder – WordPress Table Plugin | Medium | 6.5 | 2024-08-12 22:36:10 | Deep Dive |