AI-Powered CVE Analysis for WordPress Plugins
We use AI to automate the differential analysis between vulnerable and patched plugin versions to understand and interpret the security issues. What we share here is research-grade proof of concept demonstrations that are then fed back into our endpoint firewall service.
WordPress Proof of Concepts
AI-assisted vulnerability analysis with PoC demonstration
2026-06-11
CVE-2026-9125: The Ultimate Video Player For WordPress <= 4.2.0 Authenticated (Contributor+) Stored Cross-Site Scripting via 'link_url' Shortcode Attribute PoC, Patch Analysis & Rule
Medium CVE-2026-9125 in Presto Player (CVSS 6.4): The Ultimate Video Player For WordPress. Atomic Edge summarizes impact, exploitability, and patch details. Update to 4.2.1.
2026-06-10
CVE-2026-2827: Open User Map PRO <= 1.4.31 Unauthenticated Stored Cross-Site Scripting via 'oum_location_notification' PoC, Patch Analysis & Rule
Medium CVE-2026-2827 in Open User Map Pro (CVSS 4.7): Open User Map PRO. Atomic Edge summarizes impact, exploitability, and patch details, with WAF rule coverage.
2026-06-10
CVE-2026-10795: UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 Unauthenticated Authentication Bypass via UpdraftCentral udrpc PoC, Patch Analysis & Rule
High CVE-2026-10795 in Updraftplus (CVSS 8.1): UpdraftPlus: WP Backup & Migration Plugin. Atomic Edge summarizes impact, exploitability, and patch details. Update to 1.26.5.
2026-06-09
CVE-2025-8444: Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates <= 2.6.7 Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Parameters PoC, Patch Analysis & Rule
Medium CVE-2025-8444 in Animation Addons For Elementor (CVSS 6.4): Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates. Atomic Edge summarizes impact, exploitability, and patch details, with WAF rule...
2026-06-09
CVE-2026-8613: aThemes Addons for Elementor <= 1.1.8 Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' Widget Setting PoC, Patch Analysis & Rule
Medium CVE-2026-8613 in Athemes Addons For Elementor Lite (CVSS 6.4): aThemes Addons for Elementor. Atomic Edge summarizes impact, exploitability, and patch details. Update to 1.1.9.
2026-06-09
CVE-2026-8853: MW WP Form <= 5.1.3 Authenticated (Editor+) Stored Cross-Site Scripting via 'memo' Parameter PoC, Patch Analysis & Rule
Medium CVE-2026-8853 in Mw Wp Form (CVSS 4.4): MW WP Form. Atomic Edge summarizes impact, exploitability, and patch details, with WAF rule coverage. Update to 5.1.4.
2026-06-09
CVE-2026-3018: Newsletters <= 4.13 Unauthenticated SQL Injection via wpmlsubscriber_id Parameter PoC, Patch Analysis & Rule
High CVE-2026-3018 in Newsletters Lite (CVSS 7.5): Newsletters. Atomic Edge summarizes impact, exploitability, and patch details, with WAF rule coverage.
2026-06-09
CVE-2025-6254: Doctreat Core <= 1.6.8 Unauthenticated Privilege Escalation PoC, Patch Analysis & Rule
Critical CVE-2025-6254 in Doctreat_core (CVSS 9.8): Doctreat Core. Atomic Edge summarizes impact, exploitability, and patch details, with WAF rule coverage.
2026-06-08
CVE-2026-8880: RomanCart Ecommerce <= 2.0.8 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes PoC, Patch Analysis & Rule
Medium CVE-2026-8880 in Romancart Ecommerce (CVSS 6.4): RomanCart Ecommerce. Atomic Edge summarizes impact, exploitability, and patch details.
2026-06-08
CVE-2026-9662: Recover Exit For WooCommerce <= 1.0.3 Unauthenticated Local File Inclusion via 'tpf' Parameter PoC, Patch Analysis & Rule
High CVE-2026-9662 in Recoverexit For Woocommerce (CVSS 8.1): Recover Exit For WooCommerce. Atomic Edge summarizes impact, exploitability, and patch details, with WAF rule coverage.
2026-06-08
CVE-2026-10024: TinyMCE shortcode Addon <= 1.0.0 Authenticated (Contributor+) Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute PoC, Patch Analysis & Rule
Medium CVE-2026-10024 in 360crest Themeone Tinymce Shortcodes (CVSS 6.4): TinyMCE shortcode Addon. Atomic Edge summarizes impact, exploitability, and patch details.
2026-06-08
CVE-2026-8883: Global Body Mass Index Calculator <= 1.2 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes PoC, Patch Analysis & Rule
Medium CVE-2026-8883 in Global Body Mass Index Calculator (CVSS 6.4): Global Body Mass Index Calculator. Atomic Edge summarizes impact, exploitability, and patch details.
2026-06-08
CVE-2026-8882: WP ApplicantStack Jobs Display <= 1.1.1 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes PoC, Patch Analysis & Rule
Medium CVE-2026-8882 in Wp Applicantstack Jobs Display (CVSS 6.4): WP ApplicantStack Jobs Display. Atomic Edge summarizes impact, exploitability, and patch details.
2026-06-08
CVE-2026-10553: jQuery Hover Footnotes <= 1.4 Cross-Site Request Forgery to Plugin Settings Update PoC, Patch Analysis & Rule
Medium CVE-2026-10553 in Jquery Hover Footnotes (CVSS 4.3): jQuery Hover Footnotes. Atomic Edge summarizes impact, exploitability, and patch details, with WAF rule coverage.
2026-06-08
CVE-2026-8895: kk blog card <= 1.3 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes PoC, Patch Analysis & Rule
Medium CVE-2026-8895 in Kk Blog Card (CVSS 6.4): kk blog card. Atomic Edge summarizes impact, exploitability, and patch details.
2026-06-08
CVE-2026-7542: Slider Revolution <= 7.0.10 Authenticated (Subscriber+) Sensitive Information Disclosure PoC, Patch Analysis & Rule
Medium CVE-2026-7542 in Revslider (CVSS 6.5): Slider Revolution. Atomic Edge summarizes impact, exploitability, and patch details, with WAF rule coverage.
2026-06-08
CVE-2026-10738: jQuery Hover Footnotes <= 1.4 Authenticated (Author+) Stored Cross-Site Scripting via Footnote Qualifier ('{{…}}' Syntax) PoC, Patch Analysis & Rule
Medium CVE-2026-10738 in Jquery Hover Footnotes (CVSS 6.4): jQuery Hover Footnotes. Atomic Edge summarizes impact, exploitability, and patch details.
2026-06-08
CVE-2026-8677: Prime Elementor Addons <= 1.3.3 Authenticated (Contributor+) Stored Cross-Site Scripting via Widget HTML Tag Settings PoC, Patch Analysis & Rule
Medium CVE-2026-8677 in Unlimited Elementor Inner Sections By Boomdevs (CVSS 6.4): Prime Elementor Addons. Atomic Edge summarizes impact, exploitability, and patch details.
2026-06-08
CVE-2026-11616: Events Calendar for GeoDirectory <= 2.3.28 Authenticated (Subscriber+) Privilege Escalation PoC, Patch Analysis & Rule
High CVE-2026-11616 in Events For Geodirectory (CVSS 8.8): Events Calendar for GeoDirectory. Atomic Edge summarizes impact, exploitability, and patch details, with WAF rule coverage. Update to 2.3.29.
2026-06-08
CVE-2026-11603: Product Filter Widget for Elementor <= 1.0.6 Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter PoC, Patch Analysis & Rule
Medium CVE-2026-11603 in Product Filter Widget For Elementor (CVSS 6.1): Product Filter Widget for Elementor. Atomic Edge summarizes impact, exploitability, and patch details, with WAF rule coverage.
How Atomic Edge Works
Simple Setup. Powerful Security.
Atomic Edge acts as a security layer between your website & the internet — inspecting, filtering, and blocking malicious traffic before it ever reaches
your application.