Associated Vulnerability
Found 1149 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-3226 | LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 4.3 | 2026-03-12 02:22:37 |
| CVE-2026-1992 | ExactMetrics 8.6.0 - 9.0.2 - Authenticated (Custom) Insecure Direct Object Reference to Arbitrary Plugin Installation | smub | ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | High | 8.8 | 2026-03-11 09:25:43 |
| CVE-2026-1993 | ExactMetrics 7.1.0 - 9.0.2 - Authenticated (Custom) Improper Privilege Management to Role Privilege Escalation via Settings Update | smub | ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | High | 8.8 | 2026-03-11 09:25:42 |
| CVE-2026-1651 | Email Subscribers & Newsletters <= 5.9.16 - Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 6.5 | 2026-03-04 01:22:00 |
| CVE-2026-0974 | Orderable <= 1.20.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation | orderable | Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin | High | 8.8 | 2026-02-19 04:36:22 |
| CVE-2025-14851 | YaMaps for WordPress <= 0.6.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Parameters | yhunter | YaMaps for WordPress Plugin | Medium | 6.4 | 2026-02-19 04:36:20 |
| CVE-2025-15041 | BackWPup <= 5.6.2 - Authenticated (BackWPup Helper+) Privilege Escalation via Arbitrary Options Update | wp_media | BackWPup – WordPress Backup & Restore Plugin | High | 7.2 | 2026-02-19 04:36:08 |
| CVE-2025-8781 | Bookster – WordPress Appointment Booking Plugin <= 2.1.1 - Authenticated (Administrator+) SQL Injection via 'raw' | bookster | Bookster – WordPress Appointment Booking Plugin | Medium | 4.9 | 2026-02-18 12:28:34 |
| CVE-2026-1656 | Business Directory Plugin <= 6.4.20 - Missing Authorization to Unauthenticated Arbitrary Listing Modification | strategy11team | Business Directory Plugin – Easy Listing Directories for WordPress | Medium | 5.3 | 2026-02-18 08:26:05 |
| CVE-2026-2576 | Business Directory Plugin <= 6.4.21 - Unauthenticated SQL Injection via payment Parameter | strategy11team | Business Directory Plugin – Easy Listing Directories for WordPress | High | 7.5 | 2026-02-18 04:35:46 |
| CVE-2026-1296 | Frontend Post Submission Manager Lite <= 1.2.7 - Unauthenticated Open Redirect via 'requested_page' Parameter | wpshuffle | Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin | Medium | 6.1 | 2026-02-18 04:35:44 |
| CVE-2026-0559 | MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'stm_lms_courses_grid_display' Shortcode | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Medium | 6.4 | 2026-02-14 06:42:32 |
| CVE-2026-1499 | WP Duplicate <= 1.1.8 - Authenticated (Subscriber+) Arbitrary File Upload via 'process_add_site' AJAX Action | revmakx | WP Duplicate – WordPress Migration Plugin | High | 8.8 | 2026-02-06 08:25:26 |
| CVE-2025-15510 | NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.8 - Missing Authorization to Unauthenticated Sensitive Information Exposure | webaways | NEX-Forms – Ultimate Forms Plugin for WordPress | Medium | 5.3 | 2026-01-31 01:23:03 |
| CVE-2025-14283 | BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library <= 2.2.14 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpblockart | BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library | Medium | 6.4 | 2026-01-28 11:23:41 |
| CVE-2026-1053 | Ivory Search <= 5.5.13 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_gcse' and 'nothing_found_text' Parameters | vinod-dalvi | Ivory Search – WordPress Search Plugin | Medium | 4.4 | 2026-01-28 08:26:56 |
| CVE-2026-1295 | Buy Now Plus <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | supercleanse | Buy Now Plus — Payments with Stripe | Medium | 6.4 | 2026-01-28 06:43:43 |
| CVE-2026-1189 | LeadBI Plugin for WordPress <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_id' Shortcode Attribute | leadbi | LeadBI Plugin for WordPress | Medium | 6.4 | 2026-01-24 09:08:07 |
| CVE-2026-24596 | WordPress Related Posts Thumbnails plugin for WordPress plugin <= 4.3.2 - Cross Site Request Forgery (CSRF) vulnerability | marynixie | Related Posts Thumbnails Plugin for WordPress | Medium | 4.3 | 2026-01-23 14:29:02 |
| CVE-2025-15521 | Academy LMS – WordPress LMS Plugin for Complete eLearning Solution <= 3.5.0 - Unauthenticated Privilege Escalation via Account Takeover | kodezen | Academy LMS – WordPress LMS Plugin for Complete eLearning Solution | Critical | 9.8 | 2026-01-21 01:23:32 |