| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-62913 | WordPress Opal Service plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability | wpopal | Opal Service | Medium | 6.5 | 2025-10-27 01:33:55 | Deep Dive |
| CVE-2025-6934 | Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user' | wpopal | Opal Estate Pro – Property Management and Submission | Critical | 9.8 | 2025-07-01 06:43:03 | Deep Dive |
| CVE-2025-47535 | WordPress Opal Woo Custom Product Variation plugin <= 1.2.0 - Arbitrary File Deletion Vulnerability | wpopal | Opal Woo Custom Product Variation | High | 8.6 | 2025-05-23 12:43:32 | Deep Dive |
| CVE-2025-2851 | GL.iNet GL-A1300 Slate Plus RPC plugins.so buffer overflow | GL.iNet | GL-A1300 Slate Plus | High | 8.0 | 2025-04-26 08:00:08 | Deep Dive |
| CVE-2025-2850 | GL.iNet GL-A1300 Slate Plus Download Interface improper authorization | GL.iNet | GL-A1300 Slate Plus | Low | 3.5 | 2025-04-26 07:31:04 | Deep Dive |
| CVE-2025-2811 | GL.iNet GL-A1300 Slate Plus API redos | GL.iNet | GL-A1300 Slate Plus | Medium | 5.7 | 2025-04-26 07:00:06 | Deep Dive |
| CVE-2025-31748 | WordPress Opal Portfolio Plugin <= 1.0.4 - Stored Cross Site Scripting (XSS) vulnerability | wpopal | Opal Portfolio | Medium | 6.5 | 2025-04-01 14:51:09 | Deep Dive |
| CVE-2025-27792 | Opal vulnerable to CSRF protection bypass | obiba | opal | 中危 | - | 2025-03-11 21:49:51 | Deep Dive |
| CVE-2025-27101 | Broken Access Control in Opal filesystem's copy functionality exposes all user data | obiba | opal | 中危 | - | 2025-03-11 21:32:49 | Deep Dive |
| CVE-2024-52444 | WordPress Opal Woo Custom Product Variation plugin <= 1.1.3 - Arbitrary File Deletion vulnerability | wpopal | Opal Woo Custom Product Variation | High | 7.5 | 2024-11-20 11:08:36 | Deep Dive |
| CVE-2024-7649 | Opal Membership <= 1.2.4 - Unauthenticated Stored Cross-Site Scripting | wpopal | Opal Membership | Medium | 6.1 | 2024-08-10 03:23:27 | Deep Dive |
| CVE-2024-7648 | Opal Membership <= 1.2.4 - Authenticated (Subscriber+) Information Disclosure | wpopal | Opal Membership | Medium | 4.3 | 2024-08-10 03:23:26 | Deep Dive |
| CVE-2024-3666 | Opal Estate Pro – Property Management and Submission <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpopal | Opal Estate Pro – Property Management and Submission | Medium | 6.4 | 2024-05-22 07:37:25 | Deep Dive |
| CVE-2024-33649 | WordPress Opal Widgets For Elementor plugin <= 1.6.9 - Cross Site Scripting (XSS) vulnerability | WpOpal | Opal Widgets For Elementor | Medium | 6.5 | 2024-04-29 04:53:15 | Deep Dive |
| CVE-2021-4388 | Opal Estate <= 1.6.11 - Missing Authorization | wpopal | Opal Estate | Medium | 4.3 | 2023-07-01 04:26:52 | Deep Dive |
| CVE-2021-4387 | Opal Estate <= 1.6.11 - Cross-Site Request Forgery Bypass | wpopal | Opal Estate | Medium | 4.3 | 2023-07-01 03:30:15 | Deep Dive |
| CVE-2022-29449 | WordPress Opal Hotel Room Booking plugin <= 1.2.7 - Stored Cross-Site Scripting (XSS) vulnerability | wpopal | Opal Hotel Room Booking (WordPress plugin) | Medium | 4.1 | 2022-05-19 15:15:18 | Deep Dive |