| CVE-2025-0368 | Banner Garden Plugin for WordPress <= 0.1.3 - Reflected XSS | Unknown | Banner Garden Plugin for WordPress | Medium | - | 2025-02-04 06:00:11 | Deep Dive |
| CVE-2024-11132 | Eventer <= 3.9.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | imithemes | Eventer - WordPress Event & Booking Manager Plugin | Medium | 6.4 | 2025-02-03 19:22:49 | Deep Dive |
| CVE-2024-11134 | Eventer <= 3.9.9 - Missing Authorization to Authenticated (Subscriber+) Bookings Export | imithemes | Eventer - WordPress Event & Booking Manager Plugin | Medium | 4.3 | 2025-02-03 19:22:49 | Deep Dive |
| CVE-2024-11133 | Eventer <= 3.9.9.5 - Missing Authorization to Unauthenticated Event Ticket Download | imithemes | Eventer - WordPress Event & Booking Manager Plugin | Medium | 5.3 | 2025-02-03 19:22:44 | Deep Dive |
| CVE-2025-24563 | WordPress Cleanup – Directory Listing & Classifieds plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability | themeglow | Cleanup – Directory Listing & Classifieds WordPress Plugin | High | 7.1 | 2025-01-31 08:24:40 | Deep Dive |
| CVE-2024-13216 | HT Event – WordPress Event Manager Plugin for Elementor <= 1.4.7 - Authenticated (Contributor+) Sensitive Information Exposure via HT Event: Sponsor | devitemsllc | HT Event – WordPress Event Manager Plugin for Elementor | Medium | 4.3 | 2025-01-31 05:22:33 | Deep Dive |
| CVE-2024-13397 | WPRadio – WordPress Radio Streaming Plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | casterfm | WPRadio – WordPress Radio Streaming Plugin | Medium | 6.4 | 2025-01-31 02:24:19 | Deep Dive |
| CVE-2024-13596 | WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress <= 1.7.5 - Authenticated (Contributor+) SQL Injection | pantherius | WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress | Medium | 6.5 | 2025-01-30 13:42:07 | Deep Dive |
| CVE-2024-13453 | Contact Form & SMTP Plugin for WordPress by PirateForms <= 2.6.0 - Unauthenticated Arbitrary Shortcode Execution | smub | Contact Form & SMTP Plugin for WordPress by PirateForms | High | 7.3 | 2025-01-30 11:10:20 | Deep Dive |
| CVE-2024-11135 | Eventer <= 3.9.8 - Unauthenticated SQL Injection via eventer_get_attendees | imithemes | Eventer - WordPress Event & Booking Manager Plugin | High | 7.5 | 2025-01-28 04:21:33 | Deep Dive |
| CVE-2024-13370 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update (save_addon_key_license) | youzify | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 6.5 | 2025-01-25 07:24:20 | Deep Dive |
| CVE-2024-13368 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update | youzify | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 4.3 | 2025-01-25 07:24:17 | Deep Dive |
| CVE-2024-12113 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress By KaineLabs <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Review Deletion | youzify | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 4.3 | 2025-01-25 07:24:16 | Deep Dive |
| CVE-2024-13599 | LearnPress – WordPress LMS Plugin <= 4.2.7.5 - Authenticated (LP Instructor+) Stored Cross-Site Scripting via Lesson Name | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 6.4 | 2025-01-25 07:24:16 | Deep Dive |
| CVE-2024-13496 | GamiPress <= 7.3.1 - Unauthenticated SQL Injection via orderby Parameter | rubengc | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress | High | 7.5 | 2025-01-22 11:07:59 | Deep Dive |
| CVE-2024-13499 | GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_do_shortcode() Function | rubengc | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress | High | 7.3 | 2025-01-22 11:07:58 | Deep Dive |
| CVE-2024-13495 | GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_ajax_get_logs Function | rubengc | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress | High | 7.3 | 2025-01-22 11:07:57 | Deep Dive |
| CVE-2025-22735 | WordPress Tag Cloud Plugin - Tag Groups plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability | Steve Burge | WordPress Tag Cloud Plugin – Tag Groups | High | 7.1 | 2025-01-21 13:40:35 | Deep Dive |
| CVE-2024-49303 | WordPress Hero Menu plugin <= 1.16.5 - SQL Injection vulnerability | NotFound | Hero Mega Menu - Responsive WordPress Menu Plugin | High | 8.5 | 2025-01-21 13:40:33 | Deep Dive |
| CVE-2024-49333 | WordPress Hero Menu plugin <= 1.16.5 - SQL Injection vulnerability | NotFound | Hero Mega Menu - Responsive WordPress Menu Plugin | High | 8.5 | 2025-01-21 13:40:33 | Deep Dive |