CVE

2025

• StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.4.0 - Authenticated (Subscriber+) Arbitrary File Upload September 16, 2025
• StoreEngine Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.4.0 - Authenticated (Subscriber+) Arbitrary File Download September 16, 2025
• Make Connector <= 1.5.10 - Authenticated (Admin+) Arbitrary File Upload September 3, 2025
• Download Plugin <= 2.2.8 - Authenticated (Admin+) Arbitrary File Upload via the dpwap_plugin_locInstall Function July 3, 2025
• AI Bud – AI Content Generator, AI Chatbot, ChatGPT, Gemini, GPT-4o July 3, 2025
• Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.116 - Authenticated (Administrator+) Arbitrary File Upload July 2, 2025
• Ultimate Addons for Contact Form 7 <= 3.5.12 - Authenticated (Administrator+) Arbitrary File Upload via save_options June 17, 2025
• eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_image Task May 23, 2025
• eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Delete May 23, 2025
• eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Read May 23, 2025
• eMagicOne Store Manager for WooCommerce <= 1.2.5- Unauthenticated Arbitrary File Upload via set_file Task May 23, 2025
• Ultimate Before After Image Slider & Gallery – BEAF <= 4.6.10 - Authenticated (Admin+) Arbitrary File Upload via beaf_options_save May 7, 2025
• Instantio - Wordpress Plugin <= 3.3.16 - Authenticated (Admin+) Arbitrary File Upload via ins_options_save May 7, 2025
• Migration,Backup, Staging – WPvivid <= 0.9.112 - Authenticated (Admin+) Arbitrary File Upload via wpvivid_upload_file February 22, 2025

2024

• All-in-One WP Migration and Backup <= 7.86 - Authenticated (Administrator+) Arbitrary PHP Code Injection October 27, 2024