Browse all 3 CVE security advisories affecting WhileTrue. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WhileTrue develops security testing tools with a core focus on identifying vulnerabilities in web applications and APIs. Historically, their products have commonly uncovered remote code execution, cross-site scripting, and privilege escalation flaws. WhileTrue's tools are designed to automate security assessments, helping organizations proactively identify weaknesses. The company has recorded three CVEs, primarily related to improper input validation and insecure default configurations. WhileTrue's approach emphasizes comprehensive scanning capabilities, though their tools have occasionally produced false positives. Their contributions to the security testing space include techniques for detecting server-side request forgery and business logic vulnerabilities, though no major public security incidents have been reported involving their platform.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-39549 | WordPress Most And Least Read Posts Widget plugin <= 2.5.20 - Cross Site Scripting (XSS) Vulnerability — Most And Least Read Posts Widget (CWE-79) | 6.5 | Medium | 2025-04-16 |
| CVE-2024-49628 | WordPress Most And Least Read Posts Widget plugin <= 2.5.18 - Cross Site Request Forgery (CSRF) vulnerability — Most And Least Read Posts Widget (CWE-352) | 4.3 | Medium | 2024-10-20 |
| CVE-2023-52133 | WordPress Most And Least Read Posts Widget Plugin <= 2.5.16 is vulnerable to SQL Injection — Most And Least Read Posts Widget (CWE-89) | 8.5 | High | 2023-12-31 |
This page lists every published CVE security advisory associated with WhileTrue. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.