Associated Vulnerability
Found 2564 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
| --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-0736 | Chatbot for WordPress by Collect.chat ⚡️ <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Field | collectchat | Chatbot for WordPress by Collect.chat ⚡️ | Medium | 6.4 | 2026-02-14 06:42:37 | Deep Dive |
| CVE-2026-0559 | MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'stm_lms_courses_grid_display' Shortcode | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Medium | 6.4 | 2026-02-14 06:42:32 | Deep Dive |
| CVE-2025-15157 | Starfish Review Generation & Marketing for WordPress <= 3.1.19 - Authenticated (Subscriber+) Arbitrary Options Update via srm_restore_options_defaults | starfishwp | Starfish Review Generation & Marketing for WordPress | High | 8.8 | 2026-02-13 21:23:04 | Deep Dive |
| CVE-2026-1104 | FastDup – Fastest WordPress Migration & Duplicator <= 2.7.1 - Missing Authorization to Authenticated (Contributor+) Backup Creation and Download | ninjateam | FastDup – Fastest WordPress Migration & Duplicator | High | 8.8 | 2026-02-12 14:25:41 | Deep Dive |
| CVE-2026-1671 | Activity Log for WordPress <= 1.2.8 - Missing Authorization to Sensitive Information Exposure via Log File | switcorp | Activity Log for WordPress | Medium | 6.5 | 2026-02-12 12:31:50 | Deep Dive |
| CVE-2026-1499 | WP Duplicate <= 1.1.8 - Authenticated (Subscriber+) Arbitrary File Upload via 'process_add_site' AJAX Action | revmakx | WP Duplicate – WordPress Migration Plugin | High | 8.8 | 2026-02-06 08:25:26 | Deep Dive |
| CVE-2026-1808 | Orange Confort+ accessibility toolbar for WordPress <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | ravanh | Orange Comfort+ accessibility toolbar for WordPress | Medium | 6.4 | 2026-02-06 06:46:29 | Deep Dive |
| CVE-2026-1228 | Timeline Block <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute | bplugins | Timeline Block – Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines) | Medium | 4.3 | 2026-02-06 02:23:39 | Deep Dive |
| CVE-2025-14079 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update | elextensions | ELEX WordPress HelpDesk & Customer Ticketing System | Medium | 5.3 | 2026-02-05 09:13:45 | Deep Dive |
| CVE-2026-24998 | WordPress Hustle plugin <= 7.8.9.2 - Sensitive Data Exposure vulnerability | WPMU DEV - Your All-in-One WordPress Platform | Hustle | - | - | 2026-02-03 14:08:38 | Deep Dive |
| CVE-2025-15510 | NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.8 - Missing Authorization to Unauthenticated Sensitive Information Exposure | webaways | NEX-Forms – Ultimate Forms Plugin for WordPress | Medium | 5.3 | 2026-01-31 01:23:03 | Deep Dive |
| CVE-2026-1060 | WP Adminify <= 4.0.7.7 - Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API | litonice13 | WP Adminify – White Label WordPress, Admin Menu Editor, Login Customizer | Medium | 5.3 | 2026-01-28 14:25:12 | Deep Dive |
| CVE-2025-14283 | BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library <= 2.2.14 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpblockart | BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library | Medium | 6.4 | 2026-01-28 11:23:41 | Deep Dive |
| CVE-2026-1053 | Ivory Search <= 5.5.13 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_gcse' and 'nothing_found_text' Parameters | vinod-dalvi | Ivory Search – WordPress Search Plugin | Medium | 4.4 | 2026-01-28 08:26:56 | Deep Dive |
| CVE-2026-1400 | AI Engine <= 3.3.2 - Authenticated (Editor+) Arbitrary File Upload via 'filename' Parameter in update_media_metadata Endpoint | tigroumeow | AI Engine – The Chatbot, AI Framework & MCP for WordPress | High | 7.2 | 2026-01-28 08:26:56 | Deep Dive |
| CVE-2026-1295 | Buy Now Plus <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | supercleanse | Buy Now Plus — Payments with Stripe | Medium | 6.4 | 2026-01-28 06:43:43 | Deep Dive |
| CVE-2026-0746 | AI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery | tigroumeow | AI Engine – The Chatbot, AI Framework & MCP for WordPress | Medium | 6.4 | 2026-01-27 18:27:56 | Deep Dive |
| CVE-2026-1189 | LeadBI Plugin for WordPress <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_id' Shortcode Attribute | leadbi | LeadBI Plugin for WordPress | Medium | 6.4 | 2026-01-24 09:08:07 | Deep Dive |
| CVE-2026-24627 | WordPress Trusona for WordPress plugin <= 2.0.0 - Broken Access Control vulnerability | Trusona | Trusona for WordPress | Medium | 4.3 | 2026-01-23 14:29:08 | Deep Dive |
| CVE-2026-24596 | WordPress Related Posts Thumbnails plugin for WordPress plugin <= 4.3.2 - Cross Site Request Forgery (CSRF) vulnerability | marynixie | Related Posts Thumbnails Plugin for WordPress | Medium | 4.3 | 2026-01-23 14:29:02 | Deep Dive |