Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 697 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2026-24995 WordPress Latest Post Shortcode plugin <= 14.2.0 - Broken Access Control vulnerability Iulia CazanLatest Post Shortcode--2026-02-03 14:08:37 Deep Dive
CVE-2026-1447 Mail Mint <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting getwpfunnelsMail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails Medium 5.4 2026-02-03 06:38:06 Deep Dive
CVE-2026-1081 Set Bulk Post Categories <= 1.1 - Cross-Site Request Forgery to Bulk Post Category Update sauravroxSet Bulk Post Categories Medium 4.3 2026-01-24 07:26:46 Deep Dive
CVE-2025-14745 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wp-rss-aggregator Shortcode rebelcodeRSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging Medium 6.4 2026-01-23 05:29:51 Deep Dive
CVE-2026-24387 WordPress WP Quick Post Duplicator plugin <= 2.1 - Broken Access Control vulnerability Arul Prasad JWP Quick Post Duplicator Medium 4.3 2026-01-22 16:52:48 Deep Dive
CVE-2026-22349 WordPress Menu In Post plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability linux4me2Menu In Post Medium 6.5 2026-01-22 16:52:34 Deep Dive
CVE-2025-68004 WordPress My Post Order plugin <= 1.2.1.1 - Reflected Cross Site Scripting (XSS) vulnerability Kapil ChughMy Post Order--2026-01-22 16:52:00 Deep Dive
CVE-2025-14375 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.10 - Reflected Cross-Site Scripting via className rebelcodeRSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging Medium 6.1 2026-01-16 07:23:10 Deep Dive
CVE-2026-0680 Real Post Slider Lite <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings vk011Real Post Slider Lite Medium 4.4 2026-01-14 05:28:06 Deep Dive
CVE-2025-14943 Blog2Social: Social Media Auto Post & Scheduler <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure pr-gatewayBlog2Social: Social Media Auto Post & Scheduler Medium 4.3 2026-01-10 06:32:34 Deep Dive
CVE-2025-14718 Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.3 - Missing Authorization to Authenticated (Contributor+) Workflow Manipulation publishpressSchedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories Medium 5.4 2026-01-09 06:34:55 Deep Dive
CVE-2025-14130 Post Like Dislike <= 1.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] cuvixsystemPost Like Dislike Medium 6.1 2026-01-07 09:20:57 Deep Dive
CVE-2025-69361 WordPress Post Expirator plugin <= 4.9.3 - Broken Access Control vulnerability PublishPressPost Expirator 中危 -2026-01-06 16:36:42 Deep Dive
CVE-2025-69345 WordPress Post and Page Builder by BoldGrid plugin <= 1.27.9 - Broken Access Control vulnerability BoldGridPost and Page Builder by BoldGrid Medium 4.3 2026-01-06 16:36:39 Deep Dive
CVE-2025-68547 WordPress Follow My Blog Post plugin <= 2.4.0 - Arbitrary Content Deletion vulnerability wpwebFollow My Blog Post High 7.5 2026-01-05 10:42:04 Deep Dive
CVE-2025-23667 WordPress custom-post-edit plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability Christopher Churchillcustom-post-edit High 7.1 2025-12-31 19:54:20 Deep Dive
CVE-2025-63040 WordPress Post Snippets plugin <= 4.0.11 - Cross Site Request Forgery (CSRF) vulnerability Saad IqbalPost Snippets Medium 4.3 2025-12-31 16:08:19 Deep Dive
CVE-2025-62143 WordPress Post Video Players plugin <= 1.163 - Sensitive Data Exposure vulnerability nicashmuPost Video Players Medium 4.3 2025-12-31 15:49:17 Deep Dive
CVE-2025-62124 WordPress WP Post Signature plugin <= 0.4.1 - Cross Site Scripting (XSS) vulnerability SoliWP Post Signature Medium 5.9 2025-12-31 13:37:54 Deep Dive
CVE-2025-62142 WordPress Post Video Players plugin <= 1.163 - Cross Site Scripting (XSS) vulnerability nicashmuPost Video Players Medium 5.9 2025-12-31 13:21:57 Deep Dive