| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39575 | WordPress Custom Query Blocks plugin <= 5.5.0 - Cross Site Scripting (XSS) vulnerability | Ronald Huereca | Custom Query Blocks | - | - | 2026-04-08 08:30:21 | Deep Dive |
| CVE-2026-4267 | Query Monitor <= 3.20.3 - Reflected Cross-Site Scripting via Request URI | johnbillion | Query Monitor | High | 7.2 | 2026-03-31 11:29:49 | Deep Dive |
| CVE-2026-32621 | Apollo Federation has prototype pollution via incomplete key sanitization | @apollo | federation-internals | Critical | 9.9 | 2026-03-13 20:29:55 | Deep Dive |
| CVE-2025-14313 | Advance WP Query Search Filter <= 1.0.10 - Reflected XSS via taxo_ajax | Unknown | Advance WP Query Search Filter | 中危 | - | 2025-12-30 06:00:05 | Deep Dive |
| CVE-2025-14312 | Advance WP Query Search Filter <= 1.0.10 - Reflected XSS via counter | Unknown | Advance WP Query Search Filter | 中危 | - | 2025-12-30 06:00:04 | Deep Dive |
| CVE-2025-52602 | HCL BigFix Query is affected by a sensitive information disclosure vulnerability in the WebUI Query application | HCL Software | BigFix Query | Medium | 4.2 | 2025-11-05 14:46:47 | Deep Dive |
| CVE-2025-62905 | WordPress Query Posts plugin <= 0.3.2 - Cross Site Scripting (XSS) vulnerability | Justin Tadlock | Query Posts | Medium | 6.5 | 2025-10-27 01:33:52 | Deep Dive |
| CVE-2025-8562 | Custom Query Shortcode <= 0.4.0 - Authenticated (Contributor+) Path Traversal via lens Parameter | peterhebert | Custom Query Shortcode | Medium | 6.5 | 2025-08-25 09:23:50 | Deep Dive |
| CVE-2025-26743 | WordPress Advance WP Query Search Filter plugin <= 1.0.10 - Reflected Cross Site Scripting (XSS) vulnerability | TC.K | Advance WP Query Search Filter | High | 7.1 | 2025-04-15 11:59:05 | Deep Dive |
| CVE-2025-32020 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in crud-query-parser | Guichaguri | crud-query-parser | - | - | 2025-04-08 15:05:26 | Deep Dive |
| CVE-2025-32120 | WordPress Easy Query – WP Query Builder plugin <= 2.0.4 - SQL Injection Vulnerability | edanzer | Easy Query – WP Query Builder | High | 7.6 | 2025-04-04 15:58:21 | Deep Dive |
| CVE-2025-31779 | WordPress Query Wrangler plugin <= 1.5.54 - Cross Site Request Forgery (CSRF) vulnerability | Jonathan Daggerhart | Query Wrangler | Medium | 5.4 | 2025-04-01 14:51:24 | Deep Dive |
| CVE-2024-22341 | IBM Watson Query on Cloud Pak for Data information disclosure | IBM | Watson Query on Cloud Pak for Data | Medium | 5.3 | 2025-02-22 00:38:24 | Deep Dive |
| CVE-2025-22264 | WordPress WP Query Creator plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | Patel | WP Query Creator | High | 7.1 | 2025-01-23 15:29:39 | Deep Dive |
| CVE-2025-23926 | WordPress Ajax WP Query Search Filter plugin <= 1.0.7 - Stored Cross Site Scripting (XSS) vulnerability | TC.K | Ajax WP Query Search Filter | Medium | 6.5 | 2025-01-16 20:07:53 | Deep Dive |
| CVE-2024-45627 | Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability | Apache Software Foundation | Apache Linkis Metadata Query Service JDBC | 中危 | - | 2025-01-14 16:13:20 | Deep Dive |
| CVE-2024-35160 | IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure | IBM | Watson Query for Cloud Pak for Data | Medium | 4.3 | 2024-11-23 13:48:16 | Deep Dive |
| CVE-2024-38794 | WordPress Custom Query Blocks plugin <= 5.2.0 - Broken Access Control vulnerability | MediaRon LLC | Custom Query Blocks | Medium | 5.3 | 2024-11-01 14:17:56 | Deep Dive |
| CVE-2024-50498 | WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability | Ajit Bohra | WP Query Console | Critical | 10.0 | 2024-10-28 11:24:27 | Deep Dive |
| CVE-2024-44059 | WordPress Custom Query Blocks plugin <= 5.3.1 - Cross Site Scripting (XSS) vulnerability | Ronald Huereca | Custom Query Blocks | Medium | 6.5 | 2024-09-15 08:10:44 | Deep Dive |