| CVE-2025-30537 | WordPress Upload Quota per User plugin <= 1.3 - Cross Site Scripting (XSS) Vulnerability | Cristian Sarov | Upload Quota per User | Medium | 5.9 | 2025-03-24 13:46:46 | Deep Dive |
| CVE-2025-0724 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object Injection | metagauss | ProfileGrid – User Profiles, Groups and Communities | High | 8.8 | 2025-03-22 04:22:06 | Deep Dive |
| CVE-2025-1408 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorization to Authenticated (Subscriber+) Join Group Requests Management | metagauss | ProfileGrid – User Profiles, Groups and Communities | Medium | 4.3 | 2025-03-22 04:22:06 | Deep Dive |
| CVE-2025-0723 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.7 - Authenticated (Subscriber+) SQL Injection | metagauss | ProfileGrid – User Profiles, Groups and Communities | Medium | 6.5 | 2025-03-22 04:22:05 | Deep Dive |
| CVE-2025-0813 | Schneider Electric EcoStruxure Power Automation System User Interface Authorization Issue Vulnerability | Schneider Electric | EcoStruxure Power Automation System User Interface (EPAS-UI) - Secured Versions | Medium | 6.8 | 2025-03-12 15:30:03 | Deep Dive |
| CVE-2025-2112 | user-xiangpeng yaoqishan MediaInfoService.java getMediaLisByFilter sql injection | user-xiangpeng | yaoqishan | Medium | 6.3 | 2025-03-08 21:31:04 | Deep Dive |
| CVE-2025-2050 | PHPGurukul User Registration & Login and User Management System login.php sql injection | PHPGurukul | User Registration & Login and User Management System | High | 7.3 | 2025-03-06 23:31:06 | Deep Dive |
| CVE-2025-1702 | Ultimate Member <= 2.10.0 - Unauthenticated SQL Injection via search Parameter | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | High | 7.5 | 2025-03-05 11:22:09 | Deep Dive |
| CVE-2025-25114 | WordPress User Role plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | ehabstar | User Role | High | 7.1 | 2025-03-03 13:30:24 | Deep Dive |
| CVE-2025-1511 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.0.4 - Reflected Cross-Site Scripting | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.1 | 2025-02-28 05:23:14 | Deep Dive |
| CVE-2025-1717 | Login Me Now <= 1.7.2 - Authentication Bypass | pluginly | Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress | High | 8.1 | 2025-02-27 07:23:13 | Deep Dive |
| CVE-2024-12038 | Frontend Content Forms for User Submissions (UGC) <= 2.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | Medium | 6.4 | 2025-02-22 04:21:17 | Deep Dive |
| CVE-2024-12276 | Ultimate Member <= 2.9.2 - Authenticated SQL Injection | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 5.3 | 2025-02-21 09:21:06 | Deep Dive |
| CVE-2024-13818 | Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction <= 3.8.4 - Sensitive Information Exposure via Log Files | genetechproducts | Pie Register – User Registration, Profiles & Content Restriction | Medium | 5.3 | 2025-02-21 03:21:21 | Deep Dive |
| CVE-2024-13799 | User Private Files – File Upload & Download Manager with Secure File Sharing <= 2.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting | deepakkite | File Sharing & Download Manager – User Private Files | Medium | 6.4 | 2025-02-19 05:22:53 | Deep Dive |
| CVE-2024-13740 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private Messages Disclosure | metagauss | ProfileGrid – User Profiles, Groups and Communities | Medium | 4.3 | 2025-02-18 02:06:01 | Deep Dive |
| CVE-2024-13741 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Authenticated (Subscriber+) Limited Server-Side Request Forgery | metagauss | ProfileGrid – User Profiles, Groups and Communities | Medium | 5.4 | 2025-02-18 01:44:01 | Deep Dive |
| CVE-2024-13120 | ProfilePress < 4.15.20 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | Medium | - | 2025-02-13 06:00:12 | Deep Dive |
| CVE-2024-13121 | Paid Membership Plugin < 4.15.20 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | Medium | - | 2025-02-13 06:00:12 | Deep Dive |
| CVE-2024-13119 | ProfilePress < 4.15.20 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | Medium | - | 2025-02-13 06:00:06 | Deep Dive |