Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Vulnerability List - Page 3

Clear Filters
Found 623 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2026-1492 User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration wpeverestUser Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder Critical 9.8 2026-03-03 04:33:21 Deep Dive
CVE-2026-1565 User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Authenticated (Author+) Arbitrary File Upload wedevsUser Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration High 8.8 2026-02-26 19:23:10 Deep Dive
CVE-2026-2356 User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion wpeverestUser Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder Medium 5.3 2026-02-26 02:23:56 Deep Dive
CVE-2026-1779 User Registration & Membership <= 5.1.2 - Authentication Bypass wpeverestUser Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder High 8.1 2026-02-26 02:23:56 Deep Dive
CVE-2025-69377 WordPress User Extra Fields plugin <= 17.0 - Arbitrary File Deletion vulnerability vanquishUser Extra Fields--2026-02-20 15:46:53 Deep Dive
CVE-2025-69376 WordPress User Extra Fields plugin <= 17.0 - Arbitrary File Deletion vulnerability vanquishUser Extra Fields--2026-02-20 15:46:52 Deep Dive
CVE-2025-69063 WordPress New User Approve plugin <= 3.2.0 - Broken Access Control vulnerability Saad IqbalNew User Approve High 8.6 2026-02-20 15:46:45 Deep Dive
CVE-2025-68002 WordPress Open User Map plugin <= 1.4.16 - Arbitrary File Download vulnerability 100pluginsOpen User Map--2026-02-20 15:46:34 Deep Dive
CVE-2025-67991 WordPress User Extra Fields plugin <= 16.8 - Cross Site Scripting (XSS) vulnerability vanquishUser Extra Fields--2026-02-20 15:46:32 Deep Dive
CVE-2026-1404 Ultimate Member <= 2.11.1 - Reflected Cross-Site Scripting via Filter Parameters ultimatememberUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Medium 6.1 2026-02-18 14:24:59 Deep Dive
CVE-2025-14444 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment metagaussRegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login Medium 5.3 2026-02-18 10:20:48 Deep Dive
CVE-2026-2126 User Submitted Posts <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter specialkUser Submitted Posts – Enable Users to Submit Posts from the Front End Medium 5.3 2026-02-18 09:25:51 Deep Dive
CVE-2025-12071 Frontend User Notes <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Note Modification absikandarFrontend User Notes Medium 4.3 2026-02-18 04:35:43 Deep Dive
CVE-2026-0735 User Language Switch <= 1.6.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'tab_color_picker_language_switch' Parameter webilopUser Language Switch Medium 4.4 2026-02-14 06:42:34 Deep Dive
CVE-2026-0745 User Language Switch <= 1.6.10 - Authenticated (Administrator+) Server-Side Request Forgery via 'info_language' Parameter webilopUser Language Switch Medium 5.5 2026-02-14 06:42:28 Deep Dive
CVE-2025-6792 One to one user Chat by WPGuppy <= 1.1.4 - Unauthenticated Information Disclosure via Chat Message Interception amentotechpvtltdOne to one user Chat by WPGuppy Medium 5.3 2026-02-14 06:42:26 Deep Dive
CVE-2025-31648 Intel Processors 安全漏洞 -Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts. Low 3.9 2026-02-10 16:25:36 Deep Dive
CVE-2025-22885 Intel Trust Domain Extensions 缓冲区错误漏洞 -TDX Module may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. Medium 4.7 2026-02-10 16:25:15 Deep Dive
CVE-2026-25656 Siemens SINEC NMS和Siemens User Management Component 代码问题漏洞 SiemensSINEC NMS High 7.8 2026-02-10 09:58:55 Deep Dive
CVE-2025-15314 Tanium addressed an arbitrary file deletion vulnerability in end-user-cx. Taniumend-user-cx Medium 5.5 2026-02-09 23:05:17 Deep Dive