Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 2564 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2026-1992 ExactMetrics 8.6.0 - 9.0.2 - Authenticated (Custom) Insecure Direct Object Reference to Arbitrary Plugin Installation smubExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) High 8.8 2026-03-11 09:25:43 Deep Dive
CVE-2026-1993 ExactMetrics 7.1.0 - 9.0.2 - Authenticated (Custom) Improper Privilege Management to Role Privilege Escalation via Settings Update smubExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) High 8.8 2026-03-11 09:25:42 Deep Dive
CVE-2026-2707 weForms <= 1.6.27 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Hidden Field Value via REST API boldgridweForms – Easy Drag & Drop Contact Form Builder For WordPress Medium 6.4 2026-03-11 05:27:18 Deep Dive
CVE-2026-1781 MC4WP: Mailchimp for WordPress <= 4.11.1 - Missing Authorization to Unauthenticated Arbitrary Subscription Deletion dvankootenMC4WP: Mailchimp for WordPress Medium 6.5 2026-03-11 01:22:04 Deep Dive
CVE-2026-28043 WordPress Healer - Doctor, Clinic & Medical WordPress Theme theme <= 1.0.0 - Local File Inclusion vulnerability ThemeREXHealer - Doctor, Clinic & Medical WordPress Theme 中危 -2026-03-05 05:54:15 Deep Dive
CVE-2026-27342 WordPress TopFit - Fitness and Gym WordPress Theme theme <= 1.9 - Local File Inclusion vulnerability Mikado-ThemesTopFit - Fitness and Gym WordPress Theme 中危 -2026-03-05 05:53:53 Deep Dive
CVE-2026-27341 WordPress TopScorer - Sports WordPress Theme theme <= 1.2 - Local File Inclusion vulnerability Mikado-ThemesTopScorer - Sports WordPress Theme 中危 -2026-03-05 05:53:53 Deep Dive
CVE-2026-27337 WordPress Chronicle - Lifestyle Magazine & Blog WordPress Theme theme <= 1.0 - Local File Inclusion vulnerability AncoraThemesChronicle - Lifestyle Magazine & Blog WordPress Theme 中危 -2026-03-05 05:53:52 Deep Dive
CVE-2026-27339 WordPress Buzz Stone | Magazine & Viral Blog WordPress Theme theme <= 1.0.2 - Local File Inclusion vulnerability AncoraThemesBuzz Stone | Magazine & Viral Blog WordPress Theme 中危 -2026-03-05 05:53:52 Deep Dive
CVE-2026-27340 WordPress Apollo | Night Club, DJ Event WordPress Theme theme <= 1.3.1 - Local File Inclusion vulnerability AncoraThemesApollo | Night Club, DJ Event WordPress Theme 中危 -2026-03-05 05:53:52 Deep Dive
CVE-2026-27336 WordPress Consultor | Consulting, Accounting & Legal Counsel WordPress Theme theme <= 1.2.4 - Local File Inclusion vulnerability AncoraThemesConsultor | Consulting, Accounting & Legal Counsel WordPress Theme 中危 -2026-03-05 05:53:51 Deep Dive
CVE-2026-27326 WordPress AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme theme <= 1.2.5 - Local File Inclusion vulnerability axiomthemesAC Services | HVAC, Air Conditioning & Heating Company WordPress Theme 中危 -2026-03-05 05:53:51 Deep Dive
CVE-2026-27097 WordPress CasaMia | Property Rental Real Estate WordPress Theme theme <= 1.1.2 - Local File Inclusion vulnerability AncoraThemesCasaMia | Property Rental Real Estate WordPress Theme 中危 -2026-03-05 05:53:50 Deep Dive
CVE-2026-22459 WordPress WordPress CTA plugin <= 2.1.2 - Broken Access Control vulnerability Blend MediaWordPress CTA Medium 6.5 2026-03-05 05:53:45 Deep Dive
CVE-2026-22390 WordPress Builderall Builder for WordPress plugin <= 3.0.1 - Remote Code Execution (RCE) vulnerability BuilderallBuilderall Builder for WordPress 中危 -2026-03-05 05:53:33 Deep Dive
CVE-2025-69343 WordPress Theater for WordPress plugin <= 0.19 - Cross Site Scripting (XSS) vulnerability Jeroen SchmitTheater for WordPress 中危 -2026-03-05 05:53:32 Deep Dive
CVE-2026-1651 Email Subscribers & Newsletters <= 5.9.16 - Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter icegramEmail Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress Medium 6.5 2026-03-04 01:22:00 Deep Dive
CVE-2025-14040 Automotive Car Dealership Business WordPress Theme <= 13.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call to Action Fields themesuiteAutomotive Car Dealership Business WordPress Theme Medium 6.4 2026-02-27 06:43:49 Deep Dive
CVE-2026-22381 WordPress PawFriends - Pet Shop and Veterinary WordPress Theme theme <= 1.3 - Local File Inclusion vulnerability Mikado-ThemesPawFriends - Pet Shop and Veterinary WordPress Theme--2026-02-20 15:47:07 Deep Dive
CVE-2026-22383 WordPress PawFriends - Pet Shop and Veterinary WordPress theme theme <= 1.3 - Insecure Direct Object References (IDOR) vulnerability Mikado-ThemesPawFriends - Pet Shop and Veterinary WordPress Theme High 7.5 2026-02-20 15:47:07 Deep Dive