PatchSiren

wedevs CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH wedevs CVE published 2026-06-25

CVE-2026-12077

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4. This vulnerability allows unauthenticated attackers to append additional SQL queries into existing queries, potentially leading to sensitive information disclosure. The vulnerability has a CVSS score of 7.5 and is classified as HIGH severit [truncated]

MEDIUM weDevs CVE published 2026-06-11

CVE-2022-47150

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in weDevs WooCommerce Conversion Tracking, affecting versions from n/a through 2.0.10. This vulnerability has been assigned a CVSS score of 4.3, indicating a Medium severity level. The vulnerability allows an attacker to perform Cross-Site Request Forgery (CSRF) attacks.

MEDIUM wedevs CVE published 2026-06-09

CVE-2026-4058

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the user_subscription_cancel() function in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cancel any user [truncated]

HIGH weDevs CVE published 2026-05-22

CVE-2026-4834

CVE-2026-4834 describes an unauthenticated SQL injection in the WP ERP Pro plugin for WordPress affecting all versions up to and including 1.5.1. The issue is tied to insufficient escaping and insufficient query preparation for the user-supplied search_key parameter. Because the flaw can be reached without authentication and is associated with high confidentiality impact, it should be treated as a priorit [truncated]