Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

fahadmahmood — Vulnerabilities & Security Advisories 13

Browse all 13 CVE security advisories affecting fahadmahmood. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by fahadmahmood:Keep Backup DailyWP DatepickerWP DocsRSS Feed WidgetExport Customers DataWP Responsive TabsEasy Upload Files During CheckoutOrder Splitter for WooCommerceInjection Guard
CVE IDTitleCVSSSeverityPublished
CVE-2026-3878 WP Docs <= 2.2.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'wpdocs_options[icon_size]' — WP DocsCWE-79 6.4 Medium2026-04-16
CVE-2026-3368 Injection Guard <= 1.2.9 - Unauthenticated Stored Cross-Site Scripting via Query Parameter Name — Injection GuardCWE-79 7.2 High2026-03-20
CVE-2026-3577 Keep Backup Daily <= 2.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Backup Title — Keep Backup DailyCWE-79 4.4 Medium2026-03-20
CVE-2026-3339 Keep Backup Daily <= 2.1.1 - Authenticated (Admin+) Limited Path Traversal via 'kbd_path' Parameter — Keep Backup DailyCWE-22 2.7 Low2026-03-20
CVE-2025-12075 Order Splitter for WooCommerce <= 5.3.5 - Missing Authorization to Authenticated (Subscriber+) Order Information Exposure — Order Splitter for WooCommerceCWE-862 4.3 Medium2026-02-18
CVE-2025-12682 Easy Upload Files During Checkout <= 2.9.8 - Unauthenticated Arbitrary JavaScript File Upload — Easy Upload Files During CheckoutCWE-434 9.8 Critical2025-11-04
CVE-2024-13387 WP Responsive Tabs <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP Responsive TabsCWE-79 6.4 Medium2025-01-16
CVE-2024-12468 WP Datepicker <= 2.1.4 - Reflected Cross-Site Scripting — WP DatepickerCWE-79 6.1 Medium2024-12-24
CVE-2024-12405 Export Customers Data <= 1.2.3 - Reflected Cross-Site Scripting — Export Customers DataCWE-79 6.1 Medium2024-12-24
CVE-2024-12635 WP Docs <= 2.2.0 - Authenticated (Subscriber+) Time-Based SQL Injection via 'dir_id' — WP DocsCWE-89 6.5 Medium2024-12-21
CVE-2024-10057 RSS Feed Widget <= 2.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via rfw-youtube-videos Shortcode — RSS Feed WidgetCWE-79 6.4 Medium2024-10-18
CVE-2024-3895 WP Datepicker <= 2.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update — WP DatepickerCWE-862 8.8 High2024-05-02
CVE-2022-1820 Keep Backup Daily <= 2.0.2 - Reflected Cross-Site Scripting — Keep Backup DailyCWE-79 6.1 Medium2022-06-13

This page lists every published CVE security advisory associated with fahadmahmood. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.