Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 66 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2024-13791 Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Administrator+) Arbitrary File Read via downloadResponseFile Function bitpressadminChat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist Medium 4.9 2025-02-14 11:10:58 Deep Dive
CVE-2025-24738 WordPress Call Now Button plugin <= 1.4.13 - Cross Site Request Forgery (CSRF) vulnerability Jerry RietveldCall Now Button Medium 4.3 2025-01-24 17:25:15 Deep Dive
CVE-2025-23605 WordPress Call To Action Popup plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability lampdCall To Action Popup High 7.1 2025-01-22 14:29:16 Deep Dive
CVE-2025-24001 WordPress PPO Call To Actions plugin <= 0.1.3 - CSRF to Stored XSS vulnerability Ngô Thắng ITPPO Call To Actions High 7.1 2025-01-21 13:57:37 Deep Dive
CVE-2025-23745 WordPress Call me Now plugin <= 1.0.5 - CSRF to Stored XSS vulnerability Tussendoor B.V.Call me Now High 7.1 2025-01-16 20:06:51 Deep Dive
CVE-2024-49417 SAMSUNG Smart Touch Call 安全漏洞 Samsung MobileSmart Touch Call Low 2.0 2024-12-03 05:48:02 Deep Dive
CVE-2024-53730 WordPress April's Call Posts plugin <= 2.1.1 - CSRF to Stored XSS vulnerability springthistleApril's Call Posts High 7.1 2024-12-02 13:43:30 Deep Dive
CVE-2024-49236 WordPress Crazy Call To Action Box plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability Hafiz Uddin AhmedCrazy Call To Action Box Medium 6.5 2024-10-18 09:48:12 Deep Dive
CVE-2022-4974 Freemius SDK <= 2.4.2 - Missing Authorization Checks dashlabsltdYASR – Yet Another Star Rating Plugin for WordPress Medium 6.3 2024-10-16 06:43:30 Deep Dive
CVE-2024-4149 Floating Chat Widget < 3.2.3 - Admin+ Stored XSS UnknownFloating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button --2024-06-13 06:00:03 Deep Dive
CVE-2024-2908 Call Now Button < 1.4.7 - Admin+ Stored XSS UnknownCall Now Button --2024-04-26 05:00:04 Deep Dive
CVE-2024-2972 Floating Chat Widget < 3.1.9 - Editor+ Stored XSS UnknownFloating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button 中危 -2024-04-24 05:00:03 Deep Dive
CVE-2024-0898 Chat Bubble <= 2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting bluecoralChat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back Medium 4.4 2024-03-13 15:27:09 Deep Dive
CVE-2023-51361 WordPress Sticky Chat Widget Plugin <= 1.1.8 is vulnerable to Cross Site Scripting (XSS) Ginger PluginsSticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button Medium 5.9 2023-12-29 11:01:30 Deep Dive
CVE-2023-51371 WordPress Bit Assist Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS) Bit AssistChat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget Medium 5.9 2023-12-29 10:58:40 Deep Dive
CVE-2023-48769 WordPress Chat Bubble Plugin <= 2.3 is vulnerable to Cross Site Request Forgery (CSRF) Blue CoralChat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back Medium 4.3 2023-12-18 21:57:08 Deep Dive
CVE-2023-47829 WordPress Quick Call Button Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS) CodezQuick Call Button Medium 5.9 2023-11-22 23:09:01 Deep Dive
CVE-2023-47819 WordPress Easy Call Now by ThikShare Plugin <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF) Dang Ngoc BinhEasy Call Now by ThikShare Medium 4.3 2023-11-22 18:46:58 Deep Dive
CVE-2023-32602 WordPress CALL ME NOW Plugin <= 3.0 is vulnerable to Cross Site Request Forgery (CSRF) LOKALYZECALL ME NOW 中危 -2023-11-09 20:59:06 Deep Dive
CVE-2023-5051 CallRail Phone Call Tracking <= 0.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode callrailCallRail Phone Call Tracking Medium 6.4 2023-10-27 03:16:17 Deep Dive