davidanderson — Vulnerabilities & Security Advisories 10

Browse all 10 CVE security advisories affecting davidanderson. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by davidanderson:UpdraftPlus: WP Backup & Migration Plugin Redux Framework All-In-One Security (AIOS) – Security and Firewall Internal Link Juicer: SEO Auto Linker for WordPress Testimonial Slider WPGet API – Connect to any external REST API WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance

CVE ID	Title	CVSS	Severity	Published
CVE-2026-2712	WP-Optimize <= 4.5.0 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update and Image Manipulation — WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performanceCWE-863	5.4	Medium	2026-04-10
CVE-2025-9488	Redux Framework <= 4.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via data Parameter — Redux FrameworkCWE-79	6.4	Medium	2025-12-13
CVE-2024-13857	WPGet API <= 2.2.10 - Authenticated (Administrator+) Server-Side Request Forgery — WPGet API – Connect to any external REST APICWE-918	5.5	Medium	2025-03-07
CVE-2025-0215	UpdraftPlus - Backup/Restore <= 1.24.12 - Reflected Cross-Site Scripting — UpdraftPlus: WP Backup & Migration PluginCWE-79	6.1	Medium	2025-01-15
CVE-2024-10957	UpdraftPlus: WP Backup & Migration Plugin 1.23.8 - 1.24.11 - Unauthenticated PHP Object Injection — UpdraftPlus: WP Backup & Migration PluginCWE-502	8.8	High	2025-01-04
CVE-2024-6828	Redux Framework 4.4.12 - 4.4.17 - Unauthenticated JSON File Upload to Stored Cross-Site Scripting — Redux FrameworkCWE-434	7.2	High	2024-07-23
CVE-2024-4193	Testimonial Slider <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Testimonial SliderCWE-79	6.4	Medium	2024-05-09
CVE-2024-0657	Internal Link Juicer <= 2.23.4 - Authenticated (Admin+) Stored Cross-Site Scripting — Internal Link Juicer: SEO Auto Linker for WordPressCWE-79	4.4	Medium	2024-02-09
CVE-2024-1037	All-In-One Security (AIOS) – Security and Firewall <= 5.2.5 - Reflected Cross-Site Scripting — All-In-One Security (AIOS) – Security and FirewallCWE-79	6.1	Medium	2024-02-07
CVE-2023-5982	UpdraftPlus <= 1.23.10 - Cross-Site Request Forgery to Google Drive Storage Update — UpdraftPlus: WP Backup & Migration PluginCWE-352	5.4	Medium	2023-11-07

This page lists every published CVE security advisory associated with davidanderson. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

davidanderson — Vulnerabilities & Security Advisories 10