Fahad Mahmood — Vulnerabilities & Security Advisories 25

Browse all 25 CVE security advisories affecting Fahad Mahmood. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Fahad Mahmood is a recognized security researcher with twenty-five assigned CVEs, primarily focusing on identifying critical flaws in widely deployed enterprise software and network infrastructure. His contributions predominantly target remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities, often exploiting improper input validation in web applications and API endpoints. A significant portion of his findings involves privilege escalation issues within Linux-based systems and middleware, highlighting weaknesses in access control mechanisms. Mahmood’s work has notably impacted several major vendors, leading to urgent patches for high-severity bugs that could allow unauthorized system access. His research emphasizes the importance of secure coding practices in complex distributed environments, providing actionable insights for developers to mitigate risks associated with untrusted data handling and insufficient authentication checks.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-25332 | WordPress Endless Posts Navigation plugin <= 2.2.9 - Broken Access Control vulnerability | Endless Posts Navigation | CWE-862 | 5.3 | Medium | 2026-02-19 |
| CVE-2026-24990 | WordPress WP Docs plugin <= 2.2.8 - Broken Access Control vulnerability | WP Docs | CWE-862 | 5.4 | Medium | 2026-02-03 |
| CVE-2025-69349 | WordPress RSS Feed Widget plugin <= 3.0.2 - Broken Access Control vulnerability | RSS Feed Widget | CWE-862 | 5.4 | Medium | 2026-01-06 |
| CVE-2025-62078 | WordPress Easy Upload Files During Checkout plugin <= 3.0.0 - Broken Access Control vulnerability | Easy Upload Files During Checkout | CWE-862 | 4.3 | Medium | 2025-12-31 |
| CVE-2025-47463 | WordPress Stock Locations for WooCommerce plugin <= 2.8.6 - Broken Access Control Vulnerability | Stock Locations for WooCommerce | CWE-862 | 7.1 | High | 2025-06-09 |
| CVE-2025-30999 | WordPress External Store for Shopify plugin <= 1.5.9 - Local File Inclusion vulnerability | External Store for Shopify | CWE-98 | 7.5 | High | 2025-06-06 |
| CVE-2025-31089 | WordPress Order Splitter for WooCommerce plugin <= 5.3.0 - SQL Injection Vulnerability | Order Splitter for WooCommerce | CWE-89 | 8.5 | High | 2025-04-01 |
| CVE-2025-31417 | WordPress WP Docs plugin < 2.2.7 - Broken Access Control vulnerability | WP Docs | CWE-862 | 4.3 | Medium | 2025-03-31 |
| CVE-2025-26751 | WordPress Alphabetic Pagination Plugin <= 3.2.1 - Reflected Cross Site Scripting (XSS) vulnerability | Alphabetic Pagination | CWE-79 | 7.1 | High | 2025-02-25 |
| CVE-2025-26779 | WordPress Keep Backup Daily plugin <= 2.1.0 - Arbitrary File Download vulnerability | Keep Backup Daily | CWE-22 | 4.9 | Medium | 2025-02-16 |
| CVE-2024-56288 | WordPress WP Docs plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability | WP Docs | CWE-79 | 5.9 | Medium | 2025-01-07 |
| CVE-2024-56223 | WordPress Gulri Slider plugin <= 3.5.8 - Reflected Cross Site Scripting (XSS) vulnerability | Gulri Slider | CWE-79 | 7.1 | High | 2024-12-31 |
| CVE-2024-54344 | WordPress WP Quick Shop plugin <= 1.3.1 - Reflected Cross Site Scripting (XSS) vulnerability | WP Quick Shop | CWE-79 | 7.1 | High | 2024-12-13 |
| CVE-2023-32574 | WordPress Injection Guard plugin <= 1.2.1 - Broken Access Control vulnerability | Injection Guard | CWE-862 | 4.3 | Medium | 2024-12-13 |
| CVE-2023-30873 | WordPress WP Docs plugin <= 1.9.8 - Broken Access Control | WP Docs | CWE-862 | 5.4 | Medium | 2024-12-09 |
| CVE-2024-47321 | WordPress WP Datepicker plugin <= 2.1.1 - Broken Access Control vulnerability | WP Datepicker | CWE-862 | 6.5 | Medium | 2024-11-01 |
| CVE-2024-49629 | WordPress Endless Posts Navigation plugin <= 2.2.7 - CSRF to Stored XSS vulnerability | Endless Posts Navigation | CWE-352 | 7.1 | High | 2024-10-20 |
| CVE-2024-48024 | WordPress Keep Backup Daily plugin <= 2.1.3 - Sensitive Data Exposure vulnerability | Keep Backup Daily | CWE-497 | 7.5 | High | 2024-10-17 |
| CVE-2024-44042 | WordPress WP Datepicker plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability | WP Datepicker | CWE-79 | 5.9 | Medium | 2024-10-06 |
| CVE-2024-31294 | WordPress WP Sort Order plugin <= 1.3.1 - Broken Access Control vulnerability | WP Sort Order | CWE-862 | 4.3 | Medium | 2024-06-09 |
| CVE-2024-35695 | WordPress WP Docs plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability | WP Docs | CWE-79 | 6.5 | Medium | 2024-06-08 |
| CVE-2024-35696 | WordPress WP Docs plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability | WP Docs | CWE-79 | 7.1 | High | 2024-06-08 |
| CVE-2024-32690 | WordPress RSS Feed Widget plugin <= 2.9.7 - Cross Site Scripting (XSS) vulnerability | RSS Feed Widget | CWE-79 | 5.9 | Medium | 2024-04-22 |
| CVE-2023-32106 | WordPress WP Docs Plugin <= 1.9.9 is vulnerable to Cross Site Scripting (XSS) | WP Docs | CWE-79 | 7.1 | High | 2023-08-18 |
| CVE-2022-44736 | WordPress Chameleon plugin <= 1.4.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | Chameleon (WordPress plugin) | CWE-79 | 4.8 | Medium | 2022-11-17 |

This page lists every published CVE security advisory associated with Fahad Mahmood. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.