Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 799 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2025-7727 Gutenverse <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text and Fun Fact Blocks jegstudioGutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem Medium 6.4 2025-08-06 06:38:40 Deep Dive
CVE-2025-7502 WPBakery Page Builder for WordPress <= 8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting wpbakeryWPBakery Page Builder Medium 6.4 2025-08-06 01:45:14 Deep Dive
CVE-2025-4684 BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites <= 3.2.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Carousel and Image Slider Widgets blockspareBlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor Medium 6.4 2025-08-01 11:18:55 Deep Dive
CVE-2025-7646 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting posimyththemesThe Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce Medium 6.4 2025-08-01 06:44:32 Deep Dive
CVE-2025-7443 BerqWP <= 2.2.42 - Unauthenticated Arbitrary File Upload berqwpBerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript High 8.1 2025-08-01 04:24:29 Deep Dive
CVE-2025-6681 Fan Page <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter delower186Fan Page Medium 6.4 2025-07-29 09:23:46 Deep Dive
CVE-2025-4370 Brizy <= 2.6.20 - Missing Authorization to Unauthenticated Limited File Upload themefusecomBrizy – Page Builder Medium 5.3 2025-07-29 04:23:47 Deep Dive
CVE-2025-4566 Elementor <= 3.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Path Widget elemntorElementor Website Builder – more than just a page builder Medium 6.4 2025-07-29 04:23:46 Deep Dive
CVE-2025-3075 Elementor <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting elemntorElementor Website Builder – more than just a page builder Medium 6.4 2025-07-29 04:23:45 Deep Dive
CVE-2025-4685 Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets gutentorGutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor Medium 6.4 2025-07-21 07:23:24 Deep Dive
CVE-2025-31070 WordPress HTML5 Radio Player - WPBakery Page Builder Addon plugin <= 2.5 - Arbitrary File Download vulnerability LambertGroupHTML5 Radio Player - WPBakery Page Builder Addon High 7.5 2025-07-16 11:28:07 Deep Dive
CVE-2025-54006 WordPress Bold Page Builder plugin <= 5.4.1 - Cross Site Scripting (XSS) Vulnerability boldthemesBold Page Builder Medium 6.5 2025-07-16 10:36:40 Deep Dive
CVE-2025-7360 HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Directory Traversal to Arbitrary File Move htpluginsHT Contact Form – Drag & Drop Form Builder for WordPress Critical 9.1 2025-07-15 04:23:42 Deep Dive
CVE-2025-7340 HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Upload htpluginsHT Contact Form – Drag & Drop Form Builder for WordPress Critical 9.8 2025-07-15 04:23:42 Deep Dive
CVE-2025-7341 HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Deletion htpluginsHT Contact Form – Drag & Drop Form Builder for WordPress Critical 9.1 2025-07-15 04:23:41 Deep Dive
CVE-2025-5678 Kadence Blocks – Gutenberg Blocks for Page Builder Features <= 3.5.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via `redirectURL` Parameter stellarwpKadence Blocks — Page Builder Toolkit for Gutenberg Editor Medium 6.4 2025-07-09 01:44:51 Deep Dive
CVE-2025-29001 WordPress WooCommerce Shop Page Builder plugin <= 2.27.7 - Broken Access Control Vulnerability ZoomItWooCommerce Shop Page Builder Medium 4.3 2025-07-04 08:42:17 Deep Dive
CVE-2025-28967 WordPress Contact Us page - Contact people LITE plugin <= 3.7.4 - SQL Injection Vulnerability Steve TrumanContact Us page - Contact people LITE High 8.5 2025-07-04 08:42:14 Deep Dive
CVE-2024-5647 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library blossomthemesBlossomThemes Social Feed Medium 6.4 2025-07-03 09:22:19 Deep Dive
CVE-2025-53206 WordPress HT Mega – Absolute Addons for WPBakery Page Builder plugin <= 1.0.8 - Cross Site Scripting (XSS) Vulnerability HT PluginsHT Mega – Absolute Addons for WPBakery Page Builder Medium 6.5 2025-06-27 13:21:02 Deep Dive