| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-32532 | WordPress Contact Form & Lead Form Elementor Builder plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability | ThemeHunk | Contact Form & Lead Form Elementor Builder | 中危 | - | 2026-03-25 16:15:10 | Deep Dive |
| CVE-2026-25438 | WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability | ThemeHunk | Gutenberg Blocks | High | 7.1 | 2026-03-19 08:34:38 | Deep Dive |
| CVE-2026-1454 | Responsive Contact Form Builder & Lead Generation Plugin <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting | themehunk | Lead Form Builder & Contact Form | High | 7.2 | 2026-03-11 08:24:46 | Deep Dive |
| CVE-2025-68046 | WordPress Contact Form & Lead Form Elementor Builder plugin <= 2.0.1 - Sensitive Data Exposure vulnerability | ThemeHunk | Contact Form & Lead Form Elementor Builder | - | - | 2026-01-22 16:52:06 | Deep Dive |
| CVE-2025-69344 | WordPress Oneline Lite theme <= 6.6 - Broken Access Control vulnerability | themehunk | Oneline Lite | Medium | 4.3 | 2026-01-07 11:51:23 | Deep Dive |
| CVE-2025-12040 | Wishlist for WooCommerce <= 1.1.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation | themehunk | Wishlist for WooCommerce | Medium | 6.5 | 2025-11-25 07:28:21 | Deep Dive |
| CVE-2025-62902 | WordPress WP Popup Builder plugin <= 1.3.8 - Sensitive Data Exposure vulnerability | ThemeHunk | WP Popup Builder | Medium | 5.3 | 2025-10-27 01:33:51 | Deep Dive |
| CVE-2025-9378 | Vayu Blocks <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Block Attributes | themehunk | Vayu Blocks – Website Builder for the Block Editor | Medium | 6.4 | 2025-09-03 06:43:10 | Deep Dive |
| CVE-2025-52816 | WordPress Zita theme <= 1.6.5 - Local File Inclusion Vulnerability | themehunk | Zita | High | 8.1 | 2025-06-27 11:52:18 | Deep Dive |
| CVE-2025-30990 | WordPress ThemeHunk plugin <= 1.2.0 - Broken Access Control vulnerability | ThemeHunk | ThemeHunk | Medium | 4.3 | 2025-06-06 12:54:04 | Deep Dive |
| CVE-2025-4420 | Vayu Blocks <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via containerWidth Parameter | themehunk | Vayu Blocks – Website Builder for the Block Editor | Medium | 6.4 | 2025-06-03 08:21:53 | Deep Dive |
| CVE-2025-2568 | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce 1.0.4 - 1.2.1 - Missing Authorization to Unauthenticated Limited Arbitrary Options Update | themehunk | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce | Medium | 5.3 | 2025-04-08 11:11:31 | Deep Dive |
| CVE-2025-22644 | WordPress Vayu Blocks – Gutenberg Blocks plugin <= 1.4.7 - Cross Site Scripting (XSS) vulnerability | ThemeHunk | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce | Medium | 6.5 | 2025-03-27 15:11:03 | Deep Dive |
| CVE-2025-30881 | WordPress Big Store theme <= 2.0.8 - Broken Access Control vulnerability | themehunk | Big Store | Medium | 4.3 | 2025-03-27 10:55:40 | Deep Dive |
| CVE-2024-13511 | Variation Swatches for WooCommerce 1.0.8 - 1.3.2 - Cross-Site Request Forgery to Plugin Settings Reset | themehunk | Variation Swatches for WooCommerce | Medium | 4.3 | 2025-01-23 09:21:09 | Deep Dive |
| CVE-2024-54369 | WordPress Zita Site Builder plugin <= 1.0.2 - Arbitrary Plugin Installation and Activation vulnerability | ThemeHunk | Zita Site Builder | Critical | 9.1 | 2024-12-16 14:31:33 | Deep Dive |
| CVE-2024-10124 | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation | themehunk | Vayu Blocks – Website Builder for the Block Editor | Critical | 9.8 | 2024-12-12 05:24:22 | Deep Dive |
| CVE-2023-28688 | WordPress TH Variation Swatches plugin <= 1.2.7 - Cross-Site Request Forgery (CSRF) vulnerability | ThemeHunk | TH Variation Swatches | Medium | 5.4 | 2024-12-09 11:31:15 | Deep Dive |
| CVE-2024-10674 | Th Shop Mania <= 1.4.9 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation | themehunk | Th Shop Mania | High | 8.8 | 2024-11-09 03:18:14 | Deep Dive |
| CVE-2024-10673 | Top Store <= 1.5.4 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation | themehunk | Top Store | High | 8.8 | 2024-11-09 03:17:54 | Deep Dive |