cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forvirusdie virusdie

Direction: ascending
Jul 03, 2025

Virusdie – One-click website security # CVE-2025-53265

CVE, Research URL

CVE-2025-53265

Home page URL

Security reports for Virusdie – One-click website security

Application

Virusdie – One-click website security

Date
Jun 27, 2025
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Elena Yamshikova Virusdie allows Cross Site Request Forgery. This issue affects Virusdie: from n/a through 1.1.3.
Affected versions
max 1.1.3.
Status
vulnerable
Jan 11, 2026

Virusdie – One-click website security # CVE-2025-68576

CVE, Research URL

CVE-2025-68576

Home page URL

Security reports for Virusdie – One-click website security

Application

Virusdie – One-click website security

Date
Dec 24, 2025
Research Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Virusdie Virusdie virusdie allows Retrieve Embedded Sensitive Data.This issue affects Virusdie: from n/a through <= 1.1.6.
Affected versions
max 1.1.6.
Status
vulnerable

Virusdie &#8211; One-click website security # CVE-2025-68577

CVE, Research URL

CVE-2025-68577

Home page URL

Security reports for Virusdie &#8211; One-click website security

Application

Virusdie &#8211; One-click website security

Date
Dec 24, 2025
Research Description
Missing Authorization vulnerability in Virusdie Virusdie virusdie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Virusdie: from n/a through <= 1.1.6.
Affected versions
max 1.1.6.
Status
vulnerable
Feb 28, 2026

Virusdie &#8211; One-click website security # CVE-2025-14864

CVE, Research URL

CVE-2025-14864

Home page URL

Security reports for Virusdie &#8211; One-click website security

Application

Virusdie &#8211; One-click website security

Date
Feb 19, 2026
Research Description
The Virusdie - One-click website security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.7. This is due to missing capability checks on the `vd_get_apikey` function which is hooked to `wp_ajax_virusdie_apikey`. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve the site's Virusdie API key, which could be used to access the site owner's Virusdie account and potentially compromise site security.
Affected versions
max 1.1.8.
Status
vulnerable