
AI-Powered CVE Analysis for WordPress Plugins
We use AI to automate the differential analysis between vulnerable and patched plugin versions in order to understand and interpret the underlying security issues. What we share here are research-grade proof-of-concept demonstrations, which are then fed back into our endpoint firewall service.
WordPress Proof of Concepts
AI-assisted vulnerability analysis with PoC demonstration
June 2, 2026
CVE-2026-2382: FPW Category Thumbnails <= 1.9.5 Authenticated (Subscriber+) Stored Cross-Site Scripting via 'id' Parameter PoC, Patch Analysis & Rule
CVE-2026-2382 affects the FPW Category Thumbnails plugin for WordPress (up to 1.9.5) with a CVSS score of 6.4. It allows authenticated users to inject scripts via insufficient input sanitization. Update to the patched version to mitigate.
June 2, 2026
CVE-2026-1451: rognone <= 0.6.2 Reflected Cross-Site Scripting via 'a' Parameter PoC, Patch Analysis & Rule
CVE-2026-1451 affects the Rognone plugin for WordPress (up to version 0.6.2) with a medium severity CVSS score of 6.1. Users should patch to mitigate reflected XSS risks from insufficient input sanitization.
June 2, 2026
CVE-2026-3620: Word Replacer <= 0.4 Authenticated (Administrator+) Stored Cross-Site Scripting via 'Replacement' Parameter PoC, Patch Analysis & Rule
CVE-2026-3620 affects the Word Replacer plugin for WordPress (up to version 0.4) with a medium severity CVSS score of 4.4. Authenticated attackers can exploit this Stored XSS vulnerability, so patching is essential.
June 2, 2026
CVE-2026-4080: Easy Cart <= 1.8 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes PoC, Patch Analysis & Rule
CVE-2026-4080 affects the Easy Cart plugin for WordPress (up to version 1.8) with a medium severity CVSS score of 6.4. Authenticated users can exploit a stored XSS vulnerability; patching is essential to mitigate risks.
June 2, 2026
CVE-2026-2425: hiWeb Migration Simple <= 2.0.0.1 Reflected Cross-Site Scripting via 'new_domain' Parameter PoC, Patch Analysis & Rule
CVE-2026-2425 affects the Hiweb Migration Simple plugin for WordPress (up to 2.0.0.1) with a medium severity CVSS score of 6.1. Unauthenticated attackers can exploit this reflected XSS vulnerability, so ensure you update to the patched...
June 2, 2026
CVE-2026-1829: Content Visibility for Divi Builder <= 4.02 Authenticated (Contributor+) Remote Code Execution PoC, Patch Analysis & Rule
CVE-2026-1829 affects the Content Visibility For Divi Builder plugin (up to version 4.02) with a CVSS score of 8.8. Authenticated attackers can execute remote code; update to version 5.00 to mitigate this risk.
June 2, 2026
CVE-2026-1450: rognone <= 0.6.2 Reflected Cross-Site Scripting via 'mode' Parameter PoC, Patch Analysis & Rule
CVE-2026-1450 affects the Rognone plugin for WordPress (up to v0.6.2) with a medium severity (CVSS 6.1) reflected XSS vulnerability. Be sure to update to the patched version to mitigate potential attacks.
June 2, 2026
CVE-2026-4081: ZeM STL <= 1.0 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes PoC, Patch Analysis & Rule
CVE-2026-4081 affects the ZeM STL Viewer plugin for WordPress (version 1.0 and earlier) with a CVSS score of 6.4. Authenticated users can exploit this XSS vulnerability, so ensure you update to the patched version.
June 2, 2026
CVE-2026-9730: Remove NoFollow Commenter URL <= 1.0 Cross-Site Request Forgery to Settings Update PoC, Patch Analysis & Rule
CVE-2026-9730 affects the Remove Nofollow Commenter Link plugin for WordPress, version 1.0, with a medium severity CVSS score of 4.3. Be sure to patch to mitigate the risk of CSRF attacks that could alter comment settings.
June 2, 2026
CVE-2026-9722: Laiser Tag <= 1.2.5 Cross-Site Request Forgery to Plugin Settings Update via Settings Form PoC, Patch Analysis & Rule
CVE-2026-9722 affects the Laiser Tag plugin for WordPress (up to version 1.2.5) with a medium severity CVSS score of 4.3. Unauthenticated attackers can exploit this CSRF vulnerability to alter settings; patch immediately.
June 2, 2026
CVE-2025-5085: wp-nano-ad <= 1.31 Authenticated (Administrator+) Stored Cross-Site Scripting via blogrole_link Parameter PoC, Patch Analysis & Rule
CVE-2025-5085 affects the WP Nano Ad plugin (up to v1.31) with a CVSS score of 5.5. This medium-severity Stored XSS vulnerability can be exploited by authenticated admins, highlighting the need for prompt patching.
June 2, 2026
CVE-2026-9723: Google Plus One Bottom <= 0.0.2 Cross-Site Request Forgery to Plugin Settings Update via Settings Page PoC, Patch Analysis & Rule
CVE-2026-9723 affects the Google Plus One Bottom plugin for WordPress (up to version 0.0.2) with a medium severity (CVSS 4.3) CSRF vulnerability. Unauthenticated attackers can modify settings; ensure you update to the patched version.
June 2, 2026
CVE-2026-8885: DeMomentSomTres Shortcodes <= 1.1.1 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes PoC, Patch Analysis & Rule
CVE-2026-8885 affects the DeMomentSomTres Shortcodes plugin (up to v1.1.1) with a medium severity CVSS score of 6.4. Authenticated attackers can exploit stored XSS due to insufficient input sanitization. Update to the patched version.
May 22, 2026
CVE-2026-6895: Wishlist Member <= 3.30.1 – Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation via 'wlm3_export_settings' AJAX Action (wishlist-member-x)
CVE-2026-6895 affects the WishList Member plugin (up to version 3.30.1) with a CVSS score of 8.8. It allows privilege escalation via exposed REST API keys; patching is essential to prevent site takeover.
May 22, 2026
CVE-2026-6897: Wishlist Member <= 3.30.1 – Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Update via 'wishlistmember_team_accounts_save_settings' AJAX action (wishlist-member-x)
CVE-2026-6897 affects Wishlist Member plugin versions up to 3.30.1, allowing authenticated attackers to modify critical settings. With a CVSS score of 8.8, patching is essential to prevent potential site takeovers.
May 22, 2026
CVE-2026-6898: WishList Member <= 3.30.1 – Missing Authorization to Authenticated (Subscriber+) Generate API Secret Key via 'wlm3_generate_api_key' AJAX action (wishlist-member-x)
CVE-2026-6898 affects Wishlist Member X plugin versions up to 3.30.1, allowing authenticated attackers to take over sites by modifying the REST API Secret Key. Update to the patched version to mitigate this high-severity vulnerability.
May 22, 2026
CVE-2026-9284: WooCommerce PayPal Payments <= 4.0.1 – Missing Authorization to Unauthenticated Order Manipulation and Information Disclosure (woocommerce-paypal-payments)
CVE-2026-9284 affects the WooCommerce PayPal Payments plugin (up to 4.0.1) with a CVSS of 8.2. It allows unauthorized order manipulation and data disclosure. Update to 4.0.2 to mitigate this high-severity vulnerability.
May 22, 2026
CVE-2026-6419: Wishlist Member <= 3.30.1 – Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation via 'wlm3_get_screen' AJAX action (wishlist-member-x)
CVE-2026-6419 affects Wishlist Member X plugin versions up to 3.30.1, allowing privilege escalation for authenticated users. With a CVSS score of 8.8, patching is crucial to prevent potential site takeover.
May 22, 2026
CVE-2026-6072: Oliver POS <= 2.4.2.6 – Unauthenticated Authorization Bypass Through User-Controlled Key to 'OliverAuth' Header (oliver-pos)
CVE-2026-6072 affects the Oliver POS plugin for WordPress (up to 2.4.2.6) with a medium severity (CVSS 6.5) authentication bypass. Unauthenticated attackers can access sensitive user data; patching is essential.
May 22, 2026
CVE-2026-8038: Faces of Users <= 0.0.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via 'default' Shortcode Attribute (faces-of-users)
CVE-2026-8038 affects the Faces of Users WordPress plugin (up to version 0.0.3) with a medium severity CVSS score of 6.4 due to Stored XSS. Be sure to patch to mitigate risks from authenticated attackers.
How Atomic Edge Works
Simple Setup. Powerful Security.
Atomic Edge acts as a security layer between your website and the internet, inspecting, filtering, and blocking malicious traffic before it ever reaches your application.
