| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-3956 | InstaWP Connect <= 0.0.9.18 - Missing Authorization to Unauthenticated Post/Taxonomy/User Add/Change/Delete, Customizer Setting Change, Plugin Installation/Activation/Deactication via events_receiver | instawp | InstaWP Connect – 1-click WP Staging & Migration | Critical | 9.8 | 2023-07-27 06:54:15 | Deep Dive |
| CVE-2023-3158 | Mail Control <= 0.2.8 - Unauthenticated Stored Cross-Site Scripting via Email Subject | rahalaboulfeth | Mail Control – Email Customizer, SMTP Deliverability, logging, open and click Tracking | High | 7.2 | 2023-07-12 04:38:46 | Deep Dive |
| CVE-2023-33148 | Microsoft Office Elevation of Privilege Vulnerability | Microsoft | Microsoft Office 2013 Click-to-Run (C2R) | High | 7.8 | 2023-07-11 17:02:16 | Deep Dive |
| CVE-2023-2757 | Waiting: One-click countdowns <= 0.6.2 - Missing Authorization Checks leading to Authenticated (Subscriber+) Stored Cross-Site Scripting | pluginbuilders | Waiting: One-click countdowns | High | 7.4 | 2023-05-18 02:04:29 | Deep Dive |
| CVE-2023-25710 | WordPress Click to Call or Chat Buttons Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS) | DIGITALBLUE | Click to Call or Chat Buttons | Medium | 5.9 | 2023-04-25 11:34:01 | Deep Dive |
| CVE-2022-47158 | WordPress alfred24 Click & Collect Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS) | Pakpobox | alfred24 Click & Collect | Medium | 5.9 | 2023-04-24 14:16:13 | Deep Dive |
| CVE-2023-28659 | WordPress Plugin Waiting SQL注入漏洞 | - | Waiting: One-click Countdowns WordPress Plugin | 高危 | - | 2023-03-22 00:00:00 | Deep Dive |
| CVE-2010-10007 | lierdakil click-reminder BaseAction.php db_query sql injection | lierdakil | click-reminder | Medium | 5.5 | 2023-01-18 05:58:04 | Deep Dive |
| CVE-2022-4480 | Click to Chat < 3.18.1 - Contributor+ Stored XSS | Unknown | Click to Chat | 中危 | - | 2023-01-16 15:37:49 | Deep Dive |
| CVE-2022-3875 | Click Studios Passwordstate API authentication bypass by assumed-immutable data | Click Studios | Passwordstate | High | 7.3 | 2022-12-19 00:00:00 | Deep Dive |
| CVE-2022-3876 | Click Studios Passwordstate API authorization | Click Studios | Passwordstate | Medium | 4.3 | 2022-12-19 00:00:00 | Deep Dive |
| CVE-2022-3877 | Click Studios Passwordstate URL Field cross site scripting | Click Studios | Passwordstate | Low | 3.5 | 2022-12-19 00:00:00 | Deep Dive |
| CVE-2022-4610 | Click Studios Passwordstate risky encryption | Click Studios | Passwordstate | Low | 1.9 | 2022-12-19 00:00:00 | Deep Dive |
| CVE-2022-4611 | Click Studios Passwordstate hard-coded credentials | Click Studios | Passwordstate | Medium | 4.3 | 2022-12-19 00:00:00 | Deep Dive |
| CVE-2022-4612 | Click Studios Passwordstate insufficiently protected credentials | Click Studios | Passwordstate | Medium | 4.3 | 2022-12-19 00:00:00 | Deep Dive |
| CVE-2022-4613 | Click Studios Passwordstate Browser Extension Provisioning improper authorization | Click Studios | Passwordstate | Medium | 5.0 | 2022-12-19 00:00:00 | Deep Dive |
| CVE-2022-3677 | Advanced Import < 1.3.8 - Arbitrary Plugin Installation & Activation via CSRF | Unknown | Advanced Import : One Click Import for WordPress or Theme Demo Data | 中危 | - | 2022-12-05 16:50:31 | Deep Dive |
| CVE-2022-2375 | WP Sticky Button < 1.4.1 - Unauthenticated Arbitrary Settings Update to Stored XSS | Unknown | WP Sticky Button – Click to Chat | 中危 | - | 2022-08-22 15:01:53 | Deep Dive |
| CVE-2022-2361 | Social Chat < 6.0.5 - Admin+ Stored Cross-Site Scripting | Unknown | WP Social Chat – Click To Chat App | 中危 | - | 2022-08-22 15:01:30 | Deep Dive |
| CVE-2017-20103 | Kama Click Counter Plugin admin.php Blind sql injection | unspecified | Kama Click Counter Plugin | Medium | 6.3 | 2022-06-27 21:50:11 | Deep Dive |