Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 253 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2023-6696 Popup Builder – Create highly converting, mobile friendly marketing popups <= 4.3.1 - Missing Authorization and Nonce Exposure popupbuilderPopup Builder – Create highly converting, mobile friendly marketing popups. High 8.1 2024-06-15 02:02:01 Deep Dive
CVE-2024-2544 Popup Builder <= 4.3.0 - Missing Authorization in Multiple AJAX Actions popupbuilderPopup Builder – Create highly converting, mobile friendly marketing popups. High 7.4 2024-06-15 02:01:58 Deep Dive
CVE-2024-4845 Icegram Express <= 5.7.22 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id] icegramEmail Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress High 8.8 2024-06-12 09:33:12 Deep Dive
CVE-2024-35691 WordPress Widget Options - Extended plugin <= 5.1.0 - Multiple Data Exposure Vulnerability Marketing Fire, LLCWidget Options - Extended Medium 4.3 2024-06-08 14:38:09 Deep Dive
CVE-2024-4295 Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash icegramEmail Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress Critical 9.8 2024-06-05 05:33:06 Deep Dive
CVE-2024-35668 WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Brevo plugin <= 3.1.77 - Reflected Cross Site Scripting (XSS) vulnerability BrevoNewsletter, SMTP, Email marketing and Subscribe forms by Sendinblue High 7.1 2024-06-04 13:48:46 Deep Dive
CVE-2023-45053 WordPress WP Content Pilot plugin <= 1.3.3 - HTML Injection vulnerability plugineverWP Content Pilot – Autoblogging & Affiliate Marketing Plugin Medium 4.3 2024-06-04 09:14:33 Deep Dive
CVE-2024-2506 Popup Builder <= 4.2.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Custom JS popupbuilderPopup Builder – Create highly converting, mobile friendly marketing popups. Medium 6.4 2024-06-01 06:51:49 Deep Dive
CVE-2024-3626 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.17 - Missing Authorization icegramEmail Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress Medium 4.3 2024-05-23 05:32:15 Deep Dive
CVE-2024-4010 Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request icegramEmail Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress High 8.8 2024-05-15 08:34:13 Deep Dive
CVE-2024-2876 Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.14 - Unauthenticated SQL Injection icegramEmail Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress Critical 9.8 2024-05-02 16:52:46 Deep Dive
CVE-2024-1759 WP ULike <= 4.6.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting alimirWP ULike – Like & Dislike Buttons for Engagement and Feedback Medium 6.4 2024-05-02 16:52:44 Deep Dive
CVE-2024-1797 WP ULike – Most Advanced WordPress Marketing Toolkit <= 4.6.9 - Authenticated (Contributor+) SQL Injection via Shortcodes alimirWP ULike – Like & Dislike Buttons for Engagement and Feedback High 8.8 2024-05-02 16:52:42 Deep Dive
CVE-2024-1572 WP ULike <= 4.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode alimirWP ULike – Like & Dislike Buttons for Engagement and Feedback Medium 6.4 2024-05-02 16:52:04 Deep Dive
CVE-2024-21078 Oracle E-Business Suite 的 Oracle Marketing 安全漏洞 Oracle CorporationMarketing High 7.5 2024-04-16 21:26:25 Deep Dive
CVE-2024-21079 Oracle E-Business Suite 的 Oracle Marketing 安全漏洞 Oracle CorporationMarketing High 7.5 2024-04-16 21:26:25 Deep Dive
CVE-2024-32101 WordPress Email Marketing for WooCommerce plugin <= 1.14.3 - Cross Site Request Forgery (CSRF) vulnerability OmnisendEmail Marketing for WooCommerce by Omnisend Medium 4.3 2024-04-15 08:49:01 Deep Dive
CVE-2024-2125 EnvíaloSimple: Email Marketing y Newsletters <= 2.3 - Cross-Site Request Forgery to Arbitrary File Upload dattateccomEnvíaloSimple: Email Marketing y Newsletters High 8.8 2024-04-09 18:58:40 Deep Dive
CVE-2024-2656 Icegram Express <= 5.7.14 - Authenticated (Administrator+) Cross-Site Scripting via CSV import icegramEmail Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress Medium 4.4 2024-04-06 03:24:43 Deep Dive
CVE-2024-2326 Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin <= 3.6.3 - Cross-Site Request Forgery to Plugin Settings Update supercleansePrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin Medium 4.3 2024-03-23 03:33:42 Deep Dive