Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 1149 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2024-5207 POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3 - Authenticated (Administrator+) SQL Injection saadiqbalPost SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App High 7.2 2024-05-30 05:33:15 Deep Dive
CVE-2024-5223 Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.1 - Authenticated (Author+) Stored Cross-Site Scripting wpxpoPost Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX Medium 6.4 2024-05-30 03:34:28 Deep Dive
CVE-2024-3412 WP STAGING WordPress Backup Plugin – Migration Backup Restore <= 3.4.3 - Authenticated (Admin+) Arbitrary File Upload renehermiWP STAGING – WordPress Backup, Restore & Migration Critical 9.1 2024-05-29 08:30:06 Deep Dive
CVE-2024-0434 WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly <= 1.7.1 - Missing Authorization via ttbm_new_place_save magepeopleteamTravelly – Tour & Travel Booking Manager for WooCommerce | Tour & Hotel Booking Solution Medium 5.3 2024-05-29 03:30:59 Deep Dive
CVE-2024-4895 wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.12 - Unauthenticated Stored Cross-Site Scripting via CSV Import wpdatatableswpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin Medium 4.7 2024-05-23 02:33:06 Deep Dive
CVE-2024-4443 Business Directory Plugin – Easy Listing Directories for WordPress <= 6.4.2 - Unauthenticated SQL Injection via listingfields Parameter strategy11teamBusiness Directory Plugin – Easy Listing Directories for WordPress Critical 9.8 2024-05-22 05:32:48 Deep Dive
CVE-2024-4971 LearnPress – WordPress LMS Plugin <= 4.2.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter thimpressLearnPress – WordPress LMS Plugin for Create and Sell Online Courses Medium 6.4 2024-05-22 05:32:47 Deep Dive
CVE-2024-3268 YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress <= 3.3.6 - Missing Authorization to Arbitrary Post/Page Creation emarket-designVideo Gallery – YouTube Gallery & Responsive Video Playlist Medium 5.3 2024-05-21 11:33:17 Deep Dive
CVE-2024-4700 WP Table Builder – WordPress Table Plugin <= 1.4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting wptbWP Table Builder – Drag & Drop Table Builder Medium 6.4 2024-05-21 09:31:50 Deep Dive
CVE-2024-4849 WordPress Automatic <= 3.94.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via autoplay Parameter ValvePressWordPress Automatic Plugin Medium 6.4 2024-05-18 05:40:02 Deep Dive
CVE-2024-0437 Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease <= 2.6.6 - Missing Authorization to Sensitive Information Exposure saadiqbalPassword Protected — Lock Entire Site, Pages, Posts, Categories, and Partial Content Medium 4.3 2024-05-14 23:31:47 Deep Dive
CVE-2024-3239 PostX < 4.0.2 - Contributor+ Stored XSS UnknownPost Grid Gutenberg Blocks and WordPress Blog Plugin 中危 -2024-05-13 06:00:01 Deep Dive
CVE-2024-4277 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter thimpressLearnPress – WordPress LMS Plugin for Create and Sell Online Courses Medium 6.4 2024-05-10 09:32:09 Deep Dive
CVE-2024-4444 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration thimpressLearnPress – WordPress LMS Plugin for Create and Sell Online Courses Medium 5.3 2024-05-10 08:32:35 Deep Dive
CVE-2024-4434 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Time-Based SQL Injection thimpressLearnPress – WordPress LMS Plugin for Create and Sell Online Courses Critical 9.8 2024-05-10 08:32:33 Deep Dive
CVE-2024-4398 HTML5 Audio Player- Best WordPress Audio Player Plugin <= 2.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets bpluginsHTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player Medium 6.4 2024-05-10 07:33:39 Deep Dive
CVE-2024-4397 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Instructor+) Arbitrary File Upload thimpressLearnPress – WordPress LMS Plugin for Create and Sell Online Courses High 8.8 2024-05-09 20:03:42 Deep Dive
CVE-2024-4082 Joli FAQ SEO – WordPress FAQ Plugin <= 1.3.2 - Cross-Site Request Forgery wpjoliJoli FAQ SEO – WordPress FAQ Plugin Medium 4.3 2024-05-09 20:03:38 Deep Dive
CVE-2024-4312 Soccer Engine – Soccer Plugin for WordPress <= 1.12 - Cross-Site Request Forgery daextSoccer Engine – Soccer Plugin for WordPress Medium 4.3 2024-05-09 20:03:28 Deep Dive
CVE-2024-34423 WordPress Forty Four – 404 Plugin for WordPress plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability phpbitsForty Four – 404 Plugin for WordPress Medium 5.9 2024-05-09 11:22:49 Deep Dive