Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wphocus — Vulnerabilities & Security Advisories 12

Browse all 12 CVE security advisories affecting wphocus. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Wphocus is a WordPress security scanner designed to detect vulnerabilities in WordPress websites and plugins. Historically, it has been associated with multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues across its 12 recorded CVEs. The tool has been leveraged by security researchers and penetration testers to identify weaknesses in WordPress installations. While no major public security incidents have been directly attributed to wphocus, its widespread use in vulnerability discovery has made it notable in the WordPress security community. The scanner's effectiveness lies in its ability to automate the detection of common WordPress security flaws, though its use requires proper authorization to avoid unauthorized scanning activities.

Top products by wphocus: My auctions allegro
CVE IDTitleCVSSSeverityPublished
CVE-2026-22491 WordPress My auctions allegro plugin <= 3.6.35 - Cross Site Scripting (XSS) vulnerability — My auctions allegroCWE-79 7.1 High2026-03-25
CVE-2026-22464 WordPress My auctions allegro plugin <= 3.6.33 - Local File Inclusion vulnerability — My auctions allegroCWE-98 7.5 High2026-01-22
CVE-2025-67943 WordPress My auctions allegro plugin <= 3.6.32 - Cross Site Scripting (XSS) vulnerability — My auctions allegroCWE-79 7.1 High2026-01-22
CVE-2025-68567 WordPress My auctions allegro plugin <= 3.6.33 - Cross Site Request Forgery (CSRF) vulnerability — My auctions allegroCWE-352 5.4 Medium2025-12-24
CVE-2025-68566 WordPress My auctions allegro plugin <= 3.6.35 - Cross Site Scripting (XSS) vulnerability — My auctions allegroCWE-79 5.9 Medium2025-12-24
CVE-2025-12851 My auctions allegro <= 3.6.32 - Unauthenticated Local File Inclusion via controller — My auctions allegroCWE-98 8.1 High2025-12-05
CVE-2025-12850 My auctions allegro <= 3.6.32 - Unauthenticated SQL Injection via auction_id — My auctions allegroCWE-89 7.5 High2025-12-05
CVE-2025-10048 My Auctions Allegro Plugin <= 3.6.31 - Authenticated (Admin+) SQL Injection — My auctions allegroCWE-89 4.9 Medium2025-10-11
CVE-2025-27009 WordPress My auctions allegro plugin <= 3.6.33 - Cross Site Request Forgery (CSRF) vulnerability — My auctions allegroCWE-352 7.1 High2025-04-14
CVE-2025-31542 WordPress My auctions allegro plugin <= 3.6.20 - SQL Injection vulnerability — My auctions allegroCWE-89 8.5 High2025-03-31
CVE-2025-22733 WordPress My auctions allegro Plugin <= 3.6.18 - Reflected Cross Site Scripting (XSS) vulnerability — My auctions allegroCWE-79 7.1 High2025-01-21
CVE-2024-11707 My auctions allegro <= 3.6.17 - Reflected Cross-Site Scripting — My auctions allegroCWE-79 6.1 Medium2024-12-03

This page lists every published CVE security advisory associated with wphocus. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.