Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

davidanderson — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting davidanderson. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Davidanderson is primarily associated with web application vulnerabilities, with 11 CVEs recorded across various products. Common vulnerability classes include remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and access control flaws. Security characteristics reveal a pattern of authentication bypass issues and insecure direct object references in legacy systems. No major public incidents have been directly linked to this identifier, though the consistent presence of similar vulnerability types suggests potential systemic weaknesses in development practices. The CVE history indicates a focus on server-side vulnerabilities rather than client-side exploits, with several critical flaws remaining unpatched in older product versions.

Top products by davidanderson: UpdraftPlus: WP Backup & Migration Plugin Redux Framework WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance All-In-One Security (AIOS) – Security and Firewall Internal Link Juicer: SEO Auto Linker for WordPress Testimonial Slider WPGet API – Connect to any external REST API
CVE IDTitleCVSSSeverityPublished
CVE-2026-7252 WP-Optimize <= 4.5.2 - Authenticated (Author+) Arbitrary File Deletion via 'original-file' Post Meta — WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performanceCWE-22 8.1 High2026-05-07
CVE-2026-2712 WP-Optimize <= 4.5.0 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update and Image Manipulation — WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performanceCWE-863 5.4 Medium2026-04-10
CVE-2025-9488 Redux Framework <= 4.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via data Parameter — Redux FrameworkCWE-79 6.4 Medium2025-12-13
CVE-2024-13857 WPGet API <= 2.2.10 - Authenticated (Administrator+) Server-Side Request Forgery — WPGet API – Connect to any external REST APICWE-918 5.5 Medium2025-03-07
CVE-2025-0215 UpdraftPlus - Backup/Restore <= 1.24.12 - Reflected Cross-Site Scripting — UpdraftPlus: WP Backup & Migration PluginCWE-79 6.1 Medium2025-01-15
CVE-2024-10957 UpdraftPlus: WP Backup & Migration Plugin 1.23.8 - 1.24.11 - Unauthenticated PHP Object Injection — UpdraftPlus: WP Backup & Migration PluginCWE-502 8.8 High2025-01-04
CVE-2024-6828 Redux Framework 4.4.12 - 4.4.17 - Unauthenticated JSON File Upload to Stored Cross-Site Scripting — Redux FrameworkCWE-434 7.2 High2024-07-23
CVE-2024-4193 Testimonial Slider <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Testimonial SliderCWE-79 6.4 Medium2024-05-09
CVE-2024-0657 Internal Link Juicer <= 2.23.4 - Authenticated (Admin+) Stored Cross-Site Scripting — Internal Link Juicer: SEO Auto Linker for WordPressCWE-79 4.4 Medium2024-02-09
CVE-2024-1037 All-In-One Security (AIOS) – Security and Firewall <= 5.2.5 - Reflected Cross-Site Scripting — All-In-One Security (AIOS) – Security and FirewallCWE-79 6.1 Medium2024-02-07
CVE-2023-5982 UpdraftPlus <= 1.23.10 - Cross-Site Request Forgery to Google Drive Storage Update — UpdraftPlus: WP Backup & Migration PluginCWE-352 5.4 Medium2023-11-07

This page lists every published CVE security advisory associated with davidanderson. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.