AI-Powered CVE Analysis for WordPress Plugins

The Table of Contents Creator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.6.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an…

The SumUp Payment Gateway For WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.7.9. This makes it possible for unauthenticated attackers to perform an unauthorized action.

The ShoutOut plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as…

The My Post Order plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action…

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2025.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected…

The SEO Booster plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 6.1.8. This makes it possible for unauthenticated attackers to perform an unauthorized action.

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple AJAX actions in all versions up to, and including, 3.6.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to view, create, modify, clone, delete, and…

The Points and Rewards for WooCommerce – Create Loyalty Programs, Reward Customer Purchases, User Badges, Gamification plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.9.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform…

The Ecwid Shopping Cart plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 7.0.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.

The My auctions allegro plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.6.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.