| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-1598 | Bdtask Bhojon All-In-One Restaurant Management System User Information profile cross site scripting | Bdtask | Bhojon All-In-One Restaurant Management System | Low | 3.5 | 2026-01-29 17:02:06 | Deep Dive |
| CVE-2025-14386 | Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization 2.4.4 - 2.5.12 - Missing Authorization to Authenticated (Subscriber+) Authentication Bypass via Account Takeover | shahrukhlinkgraph | Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization | High | 8.8 | 2026-01-28 11:23:39 | Deep Dive |
| CVE-2025-15516 | All-in-One Video Gallery 4.1.0 - 4.6.4 - Missing Authorization to Authenticated (Subscriber+) Limited User Meta Update | plugins360 | All-in-One Video Gallery | Medium | 4.3 | 2026-01-24 08:26:33 | Deep Dive |
| CVE-2025-14947 | All-in-One Video Gallery <= 4.6.4 - Missing Authorization to Unauthenticated Bunny Stream Video Creation/Deletion | plugins360 | All-in-One Video Gallery | Medium | 6.5 | 2026-01-23 17:26:07 | Deep Dive |
| CVE-2026-24368 | WordPress The Grid plugin < 2.8.0 - Broken Access Control vulnerability | Theme-one | The Grid | Medium | 5.3 | 2026-01-22 16:52:45 | Deep Dive |
| CVE-2025-68896 | WordPress WDV One Page Docs plugin <= 1.2.4 - Broken Access Control vulnerability | vrpr | WDV One Page Docs | - | - | 2026-01-22 16:52:12 | Deep Dive |
| CVE-2025-14384 | All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic <= 4.9.2 - Missing Authorization to Authenticated (Contributor+) AI Access Token and Credit Disclosure | smub | All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic | Medium | 4.3 | 2026-01-16 04:44:36 | Deep Dive |
| CVE-2025-12957 | All-in-One Video Gallery <= 4.5.7 - Authenticated (Author+) Arbitrary File Upload via VTT Upload Bypass | plugins360 | All-in-One Video Gallery | High | 8.8 | 2026-01-16 04:44:35 | Deep Dive |
| CVE-2025-14026 | Vulnerable Python version used in Forcepoint One DLP Client | Forcepoint | Forcepoint One Endpoint (F1E) | High | - | 2026-01-06 14:45:29 | Deep Dive |
| CVE-2025-14428 | My Sticky Elements <= 2.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Bulk Lead Deletion | premio | All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs – My Sticky Elements | Medium | 4.3 | 2026-01-01 16:19:31 | Deep Dive |
| CVE-2021-47744 | Cypress Solutions CTM-200/CTM-ONE 1.3.6 Hard-coded Credentials Remote Root | Cypress | ONE | High | 7.5 | 2025-12-31 18:39:11 | Deep Dive |
| CVE-2025-63004 | WordPress All in One Accessibility plugin <= 1.15 - Broken Access Control vulnerability | Skynet Technologies USA LLC | All in One Accessibility | Medium | 4.3 | 2025-12-31 16:06:59 | Deep Dive |
| CVE-2025-62154 | WordPress AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One plugin <= 1.1.7 - Broken Access Control vulnerability | recorp | AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One | Medium | 4.3 | 2025-12-31 15:41:51 | Deep Dive |
| CVE-2025-64295 | WordPress All In One SEO Pack plugin <= 4.8.6.1 - Sensitive Data Exposure vulnerability | Syed Balkhi | All In One SEO Pack | - | - | 2025-12-18 07:22:15 | Deep Dive |
| CVE-2025-67950 | WordPress All In One SEO Pack plugin <= 4.9.1 - SQL Injection vulnerability | Syed Balkhi | All In One SEO Pack | High | 8.5 | 2025-12-16 08:12:58 | Deep Dive |
| CVE-2025-14651 | MartialBE one-hub docker-compose.yml hard-coded key | MartialBE | one-hub | Low | 3.7 | 2025-12-14 08:32:07 | Deep Dive |
| CVE-2025-8779 | All-in-One Addons for Elementor – WidgetKit <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team and Countdown Widgets | shamsbd71 | All-in-One Addons for Elementor – WidgetKit | Medium | 6.4 | 2025-12-13 07:21:05 | Deep Dive |
| CVE-2025-14166 | WPMasterToolKit (WPMTK) <= 2.13.0 - Authenticated (Contributor+) Code Injection | ludwigyou | WPMasterToolKit (WPMTK) – All in one plugin | Medium | 5.3 | 2025-12-12 03:20:46 | Deep Dive |
| CVE-2025-13408 | Foxtool All-in-One: Contact chat button, Custom login, Media optimize images <= 2.5.2 - Cross-Site Request Forgery to Google OAuth Connection | foxtheme | Foxtool All-in-One: Contact chat button, Custom login, Media optimize images | Medium | 4.3 | 2025-12-12 03:20:44 | Deep Dive |
| CVE-2025-13152 | Lenovo One Client security vulnerability | Lenovo | One Client | High | 7.8 | 2025-12-10 14:08:49 | Deep Dive |