| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-25357 | WordPress Ultimate Membership Pro plugin <= 13.7 - Account Takeover vulnerability | azzaroco | Ultimate Membership Pro | High | 8.1 | 2026-03-25 16:14:45 | Deep Dive |
| CVE-2026-25346 | WordPress FAQ Builder AYS plugin <= 1.8.2 - Cross Site Scripting (XSS) vulnerability | Ays Pro | FAQ Builder AYS | 中危 | - | 2026-03-25 16:14:43 | Deep Dive |
| CVE-2026-25334 | WordPress Salon Booking System Pro plugin < 10.30.12 - Account Takeover vulnerability | wordpresschef | Salon Booking System Pro | High | 8.1 | 2026-03-25 16:14:42 | Deep Dive |
| CVE-2026-24989 | WordPress SUMO Affiliates Pro plugin < 11.4.0 - PHP Object Injection vulnerability | FantasticPlugins | SUMO Affiliates Pro | Critical | 9.8 | 2026-03-25 16:14:36 | Deep Dive |
| CVE-2019-25637 | X-NetStat Pro 5.63 Local Buffer Overflow via EggHunter | Freshsoftware | NetStat Pro | High | 8.4 | 2026-03-24 11:27:10 | Deep Dive |
| CVE-2026-4001 | Woocommerce Custom Product Addons Pro <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula | acowebs | Woocommerce Custom Product Addons Pro | Critical | 9.8 | 2026-03-23 23:25:49 | Deep Dive |
| CVE-2026-4597 | 648540858 wvp-GB28181-pro Stream Proxy Query StreamProxyProvider.java selectAll sql injection | 648540858 | wvp-GB28181-pro | Medium | 6.3 | 2026-03-23 20:15:05 | Deep Dive |
| CVE-2019-25557 | TwistedBrush Pro Studio 24.06 Denial of Service via srp File | Pixarra | TwistedBrush Pro Studio | Medium | 6.2 | 2026-03-21 12:46:59 | Deep Dive |
| CVE-2019-25556 | TwistedBrush Pro Studio 24.06 Resize Image Denial of Service | Pixarra | TwistedBrush Pro Studio | Medium | 6.2 | 2026-03-21 12:46:58 | Deep Dive |
| CVE-2019-25555 | TwistedBrush Pro Studio 24.06 Script Recorder Denial of Service | Pixarra | TwistedBrush Pro Studio | Medium | 6.2 | 2026-03-21 12:46:57 | Deep Dive |
| CVE-2026-1886 | Go Night Pro | WordPress Dark Mode Plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'margin' Shortcode Attribute | hrs2015 | Go Night Pro | WordPress Dark Mode Plugin | Medium | 6.4 | 2026-03-21 03:26:45 | Deep Dive |
| CVE-2026-2290 | Post Affiliate Pro <= 1.28.0 - Authenticated (Administrator+) Server-Side Request Forgery via 'Post Affiliate Pro URL' Field | jurajsim | Post Affiliate Pro | Low | 3.8 | 2026-03-21 03:26:40 | Deep Dive |
| CVE-2026-4493 | Tenda A18 Pro MAC Filtering Configuration Endpoint setMacFilterCfg sub_423B50 stack-based overflow | Tenda | A18 Pro | High | 8.8 | 2026-03-20 17:32:12 | Deep Dive |
| CVE-2026-4492 | Tenda A18 Pro formSetQosBand set_qosMib_list stack-based overflow | Tenda | A18 Pro | High | 8.8 | 2026-03-20 17:02:21 | Deep Dive |
| CVE-2026-4491 | Tenda A18 Pro SetIpMacBind fromSetIpMacBind stack-based overflow | Tenda | A18 Pro | High | 8.8 | 2026-03-20 16:32:18 | Deep Dive |
| CVE-2026-4490 | Tenda A18 Pro openSchedWifi setSchedWifi stack-based overflow | Tenda | A18 Pro | High | 8.8 | 2026-03-20 16:32:13 | Deep Dive |
| CVE-2026-22898 | QVR Pro | QNAP Systems Inc. | QVR Pro | 中危 | - | 2026-03-20 16:21:30 | Deep Dive |
| CVE-2026-4489 | Tenda A18 Pro fast_setting_wifi_set form_fast_setting_wifi_set stack-based overflow | Tenda | A18 Pro | High | 8.8 | 2026-03-20 16:02:14 | Deep Dive |
| CVE-2026-4038 | Aimogen Pro <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call | CodeRevolution | Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit | Critical | 9.8 | 2026-03-20 03:37:02 | Deep Dive |
| CVE-2026-27070 | WordPress Everest Forms Pro plugin <= 1.9.12 - Cross Site Scripting (XSS) vulnerability | WPEverest | Everest Forms Pro | High | 7.1 | 2026-03-19 08:43:56 | Deep Dive |