Vulnerability List
Found 1149 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2025-2158 | WordPress Review Plugin: The Ultimate Solution for Building a Review Website <= 5.3.5 - Authenticated (Contributor+) Local File Inclusion via Post Custom Fields | mythemeshop | WordPress Review Plugin: The Ultimate Solution for Building a Review Website | High | 8.8 | 2025-05-10 09:23:01 |
| CVE-2025-3455 | 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload | 1clickmigration | 1 Click Migration & Backup: Free WordPress Migration Plugin with Zero Downtime & Easy Clone | High | 8.8 | 2025-05-09 06:42:36 |
| CVE-2025-3468 | NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Stored Cross-Site Scripting | webaways | NEX-Forms – Ultimate Forms Plugin for WordPress | Medium | 6.4 | 2025-05-08 11:13:45 |
| CVE-2025-4208 | NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Limited Code Execution via get_table_records Function | webaways | NEX-Forms – Ultimate Forms Plugin for WordPress | Medium | 6.3 | 2025-05-08 11:13:44 |
| CVE-2025-3851 | Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 - 2.7.13 - Authenticated (Subscriber+) Information Exposure | themesgrove | Download Manager and Payment Form WordPress Plugin – WP SmartPay | Medium | 4.3 | 2025-05-07 01:43:07 |
| CVE-2024-13322 | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.88 - Unauthenticated SQL Injection | scripteo | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager | High | 7.5 | 2025-05-02 03:21:19 |
| CVE-2025-3521 | Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpspeedo | Team Members Showcase | Medium | 6.4 | 2025-05-01 06:40:16 |
| CVE-2025-2801 | Create custom forms for WordPress with a smart form plugin for smart businesses <= 1.2.4 - Unauthenticated Arbitrary Shortcode Execution | dorinabc | Create custom forms for WordPress with a smart form plugin for smart businesses – Form builder for WordPress | High | 7.3 | 2025-04-26 03:24:24 |
| CVE-2021-4455 | Wordpress Plugin Smart Product Review <= 1.0.4 - Unauthenticated Arbitrary File Upload | Codeflist | Wordpress Plugin Smart Product Review | Critical | 9.8 | 2025-04-19 07:23:39 |
| CVE-2025-3284 | User Registration & Membership PRO – Custom Registration Form, Login Form, and User Profile <= 5.1.3 - Cross-Site Request Forgery to User Deletion | WPEverest | User Registration PRO – Custom Registration Form, Login Form, and User Profile WordPress Plugin | Medium | 4.3 | 2025-04-19 02:22:33 |
| CVE-2025-39431 | WordPress Amazon Showcase WordPress Plugin plugin <= 2.2 - CSRF to XSS vulnerability | Aaron Forgue | Amazon Showcase WordPress Plugin | High | 7.1 | 2025-04-17 15:16:59 |
| CVE-2025-3104 | WP Staging Pro <= 6.1.2 - Unauthenticated Information Exposure via getOutdatedPluginsRequest Function | WPStaging | WP STAGING Pro WordPress Backup Plugin | Medium | 5.3 | 2025-04-16 08:22:17 |
| CVE-2024-13338 | Webcraftic Clearfy – WordPress optimization plugin <= 2.3.1 - Cross-Site Request Forgery to Clear Cache | creativemotion | Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer | Medium | 5.3 | 2025-04-12 06:37:20 |
| CVE-2024-13337 | Webcraftic Clearfy – WordPress optimization plugin <= 2.3.2 - Cross-Site Request Forgery to Plugin Settings Update via 'setup-wbcr_clearfy' | creativemotion | Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer | Medium | 4.3 | 2025-04-12 06:37:18 |
| CVE-2025-32114 | WordPress 5sterrenspecialist plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability | 5sterrenspecialist | WordPress 5sterrenspecialist Plugin | High | 7.1 | 2025-04-10 08:09:41 |
| CVE-2025-32597 | WordPress WordPress Events Calendar Plugin – connectDaily plugin <= 1.5.4 - CSRF to Cross-Site Scripting vulnerability | George Sexton | WordPress Events Calendar Plugin – connectDaily | High | 7.1 | 2025-04-09 16:09:30 |
| CVE-2024-8243 | Plugin Upgrade Time Out <= 1.0 - Stored XSS via CSRF | Unknown | WordPress/Plugin Upgrade Time Out Plugin | - | - | 2025-04-09 06:00:07 |
| CVE-2025-31776 | WordPress Uptime Robot Plugin <= 2.3 - Cross Site Request Forgery (CSRF) vulnerability | Aphotrax | Uptime Robot Plugin for WordPress | Medium | 4.3 | 2025-04-01 14:51:23 |
| CVE-2025-30808 | WordPress About Author plugin <= 1.6.2 - Reflected Cross Site Scripting (XSS) vulnerability | Weblizar - WordPress Themes & Plugin | About Author | High | 7.1 | 2025-04-01 05:31:38 |
| CVE-2024-13567 | Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | awesomesupport | Awesome Support – WordPress HelpDesk & Support Plugin | High | 7.5 | 2025-04-01 05:22:46 |