| CVE-2025-8567 | Nexter Blocks <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | posimyththemes | Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder | Medium | 6.4 | 2025-08-19 08:24:16 | Deep Dive |
| CVE-2025-7654 | Multiple Plugins By FunnelKit <= (Various Versions) - Authenticated (Contributor+) Sensitive Information Exposure to Privilege Escalation via Woofunnel Library | amans2k | FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce | High | 8.8 | 2025-08-19 07:26:28 | Deep Dive |
| CVE-2025-6758 | Real Spaces - WordPress Properties Directory Theme <= 3.6 - Unauthenticated Privilege Escalation to Administrator via 'imic_agent_register' | imithemes | Real Spaces - WordPress Properties Directory Theme | Critical | 9.8 | 2025-08-19 06:45:27 | Deep Dive |
| CVE-2025-8218 | Real Spaces - WordPress Properties Directory Theme <= 3.5 - Authenticated (Subscriber+) Privilege Escalation to Administrator via 'change_role_member' | imithemes | Real Spaces - WordPress Properties Directory Theme | High | 8.8 | 2025-08-19 06:45:27 | Deep Dive |
| CVE-2025-6079 | School Management System <= 93.2.0 - Authenticated (Student+) Arbitrary File Upload | dasinfomedia | School Management System for Wordpress | High | 8.8 | 2025-08-16 03:38:53 | Deep Dive |
| CVE-2025-6080 | WPGYM <= 67.7.0 - Missing Authorization to Admin Account Creation | dasinfomedia | WPGYM - Wordpress Gym Management System | High | 8.8 | 2025-08-16 03:38:50 | Deep Dive |
| CVE-2025-3671 | WPGYM - Wordpress Gym Management System <= 67.7.0 - Authenticated (Subscriber+) Local File Inclusion to Privilege Escalation via Password Update | dasinfomedia | WPGYM - Wordpress Gym Management System | High | 8.8 | 2025-08-16 03:38:49 | Deep Dive |
| CVE-2024-12612 | School Management System for Wordpress <= 93.2.0 - Unauthenticated SQL Injection | dasinfomedia | School Management System for Wordpress | High | 7.5 | 2025-08-16 03:38:47 | Deep Dive |
| CVE-2025-5844 | Radius Blocks <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via subHeadingTagName Parameter | techlabpro1 | Radius Blocks – WordPress Gutenberg Blocks | Medium | 6.4 | 2025-08-15 08:25:42 | Deep Dive |
| CVE-2025-8604 | WP Table Builder – WordPress Table Plugin <= 2.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | wptb | WP Table Builder – Drag & Drop Table Builder | Medium | 6.4 | 2025-08-15 07:24:40 | Deep Dive |
| CVE-2025-54676 | WordPress Online Booking & Scheduling Calendar for by vcita Plugin plugin <= 4.5.3 - Cross Site Scripting (XSS) Vulnerability | vcita | Online Booking & Scheduling Calendar for WordPress by vcita | Medium | 6.5 | 2025-08-14 10:34:42 | Deep Dive |
| CVE-2025-28975 | WordPress Alike - WordPress Custom Post Comparison <= 3.0.1 - Cross Site Scripting (XSS) Vulnerability | redqteam | Alike - WordPress Custom Post Comparison | High | 7.1 | 2025-08-14 10:34:34 | Deep Dive |
| CVE-2025-52730 | WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Cross Site Scripting (XSS) Vulnerability | themefunction | WordPress Event Manager, Event Calendar and Booking Plugin | Medium | 6.5 | 2025-08-14 10:34:02 | Deep Dive |
| CVE-2025-52731 | WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Content Deletion Vulnerability | themefunction | WordPress Event Manager, Event Calendar and Booking Plugin | High | 7.5 | 2025-08-14 10:34:01 | Deep Dive |
| CVE-2025-7726 | The7 <= 12.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via title and data-dt-img-description Attributes | Dream-Theme | The7 — Website and eCommerce Builder for WordPress | Medium | 6.4 | 2025-08-09 13:45:05 | Deep Dive |
| CVE-2025-6986 | FileBird – WordPress Media Library Folders & File Manager <= 6.4.8 - Authenticated (Author+) SQL Injection | ninjateam | FileBird – WordPress Media Library Folders & File Manager | Medium | 6.5 | 2025-08-06 01:45:13 | Deep Dive |
| CVE-2012-10027 | WordPress Plugin WP-Property <= 1.35.0 PHP File Upload | WP-Property | WordPress Plugin | - | - | 2025-08-05 20:06:43 | Deep Dive |
| CVE-2012-10026 | WordPress Plugin Asset-Manager <= 2.0 PHP File Upload | Asset-Manager | WordPress Plugin | - | - | 2025-08-05 20:06:24 | Deep Dive |
| CVE-2012-10025 | WordPress Plugin Advanced Custom Fields <= 3.5.1 Remote File Inclusion | Advanced Custom Fields | WordPress Plugin | - | - | 2025-08-05 20:06:01 | Deep Dive |
| CVE-2025-8295 | Employee Directory <= 4.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter | emarket-design | Employee Directory – Staff & Team Directory | Medium | 6.4 | 2025-08-05 07:24:16 | Deep Dive |