YouGina

CVE's I found

This page I'll use to maintain a list of CVE's I found throughout the years. Mostly to be able to keep track of it myself. For some of these more detailed articles exist in the Research section of my website.

  • CVE-2026-0603 - Second-Order SQL Injection in Hibernate
  • CVE-2025-8083 - Prototype pollution in Vuetify
  • CVE-2025-8082 - Cross Site Scripting in Vuetify
  • CVE-2025-1264 - Broken Link Checker by AIOSEO <= 1.2.3 - Authenticated (Contributor+) SQL Injection
  • CVE-2024-1789 - WP SMTP 1.2 - 1.2.6 - Authenticated (Admin+) SQL Injection
  • CVE-2024-3027 - Smart Slider 3 <= 3.5.1.22 - Missing Authorization to Limited File Upload
  • CVE-2024-1986 - Elite Booster for WooCommerce <= 7.1.7 - Authenticated (Subscriber+) Arbitrary File Upload
  • CVE-2024-1071 - Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 2.1.3 - 2.8.2 - Unauthenticated SQL Injection
  • CVE-2023-38519 - MainWP <= 4.4.3.3 - Authenticated (Administrator+) SQL Injection
  • CVE-2023-3211 - WordPress Database Administrator <= 1.0.3 - Authenticated (Administrator+) SQL Injection
  • CVE-2023-3118 Export All URLs <= 4.5 - Reflected Cross-Site Scripting
  • CVE-2022-2593 - Better Search Replace <= 1.4 - Authenticated (Administrator+) SQL Injection

Reach me via:

@ - info@yougina.com

- @YouGina

© 1991 - 2025