Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 1149 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2024-0591 wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.2 - Reflected Cross-Site Scripting. wpdatatableswpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin Medium 6.1 2024-03-13 15:26:51 Deep Dive
CVE-2024-2106 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.10 - Basic Information Exposure via REST route stylemixMasterStudy LMS WordPress Plugin – for Online Courses and Education Medium 5.3 2024-03-13 15:26:40 Deep Dive
CVE-2024-1176 HT Easy GA4 – Google Analytics WordPress Plugin <= 1.1.5 - Missing Authorization to Unauthenticated GA4 Email Update htpluginsHT Easy GA4 – Google Analytics WordPress Plugin Medium 5.3 2024-03-13 15:26:34 Deep Dive
CVE-2024-1851 affiliate-toolkit – WordPress Affiliate Plugin <= 3.5.4 - Missing Authorization via atkp_create_list cservitaffiliate-toolkit – Multi-Network Affiliate & Amazon Product Display Medium 6.3 2024-03-08 06:58:07 Deep Dive
CVE-2024-2298 affiliate-toolkit – WordPress Affiliate Plugin <= 3.5.4 - Missing Authorization via atkp_import_product cservitaffiliate-toolkit – Multi-Network Affiliate & Amazon Product Display Medium 4.3 2024-03-08 06:58:06 Deep Dive
CVE-2024-1720 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.4 - Unauthenticated Stored Self-Based Cross-Site Scripting wpeverestUser Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder Medium 4.7 2024-03-07 05:32:39 Deep Dive
CVE-2024-1381 Page Builder Sandwich – Front End WordPress Page Builder Plugin <= 5.1.0 - Sensitive Information Exposure pagebuildersandwichPage Builder Sandwich – Front End WordPress Page Builder Plugin Medium 6.5 2024-03-05 01:56:03 Deep Dive
CVE-2024-0825 Vimeography: Vimeo Video Gallery WordPress Plugin <= 2.3.2 - Authenticated (Contributor+) PHP Object Injection videogalleryVimeography: Vimeo Video Gallery WordPress Plugin High 8.8 2024-03-05 01:56:02 Deep Dive
CVE-2024-1285 Page Builder Sandwich <= 5.1.0 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Post Editing pagebuildersandwichPage Builder Sandwich – Front End WordPress Page Builder Plugin Medium 6.5 2024-03-05 01:56:01 Deep Dive
CVE-2023-51681 WordPress Duplicator Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF) DuplicatorDuplicator – WordPress Migration & Backup Plugin Medium 6.5 2024-02-28 16:41:37 Deep Dive
CVE-2023-5775 BackWPup <= 4.0.2 - Plaintext Storage of Backup Destination Password wp_mediaBackWPup – WordPress Backup & Restore Plugin Low 2.2 2024-02-24 08:38:15 Deep Dive
CVE-2024-0604 Best WordPress Gallery Plugin – FooGallery <= 2.4.7 -Authenticated(Administrator+) Stored Cross-Site Scripting via settings foopluginsGallery by FooGallery Medium 4.4 2024-02-20 18:56:47 Deep Dive
CVE-2024-0656 Password Protected <= 2.6.6 - Authenticated (Admin+) Stored Cross-Site Scripting saadiqbalPassword Protected — Lock Entire Site, Pages, Posts, Categories, and Partial Content Medium 4.4 2024-02-20 18:56:40 Deep Dive
CVE-2024-1322 Directorist <= 7.8.4 - Missing Authorization to Unauthenticated Settings Change wpwaxDirectorist: AI-Powered Business Directory, Listings & Classified Ads Medium 5.3 2024-02-20 18:56:39 Deep Dive
CVE-2024-1512 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.5 - Unauthenticated SQL Injection stylemixMasterStudy LMS WordPress Plugin – for Online Courses and Education Critical 9.8 2024-02-17 07:36:57 Deep Dive
CVE-2024-24887 WordPress Contest Gallery Plugin <= 21.2.8.4 is vulnerable to Cross Site Request Forgery (CSRF) Contest GalleryPhotos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress Medium 5.4 2024-02-12 08:43:27 Deep Dive
CVE-2024-24796 WordPress Event Manager for WooCommerce Plugin <= 4.1.1 is vulnerable to PHP Object Injection MagePeople TeamEvent Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin High 8.2 2024-02-12 07:47:08 Deep Dive
CVE-2023-47526 WordPress Chartify Plugin <= 2.0.6 is vulnerable to Cross Site Scripting (XSS) Chart Builder TeamChartify – WordPress Chart Plugin Medium 5.9 2024-02-12 06:53:18 Deep Dive
CVE-2024-23517 WordPress Scheduling Plugin – Online Booking for WordPress Plugin <= 3.5.10 is vulnerable to Cross Site Scripting (XSS) Start BookingScheduling Plugin – Online Booking for WordPress Medium 6.5 2024-02-10 08:08:49 Deep Dive
CVE-2024-24713 WordPress Auto Listings Plugin <= 2.6.5 is vulnerable to Cross Site Scripting (XSS) WP Auto ListingsAuto Listings – Car Listings & Car Dealership Plugin for WordPress Medium 6.5 2024-02-10 08:01:02 Deep Dive