| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-23779 | WordPress ResAds Plugin <= 2.0.5 - SQL Injection vulnerability | web-mv | ResAds | High | 7.6 | 2025-01-16 20:06:58 | Deep Dive |
| CVE-2025-23720 | WordPress Web Push plugin <= 1.4.0 - CSRF to Stored XSS vulnerability | Marco Castelluccio | Web Push | High | 7.1 | 2025-01-16 20:06:49 | Deep Dive |
| CVE-2025-23560 | WordPress Web Testimonials plugin <= 1.2 - CSRF to Stored XSS vulnerability | plumwd | Web Testimonials | High | 7.1 | 2025-01-16 20:06:17 | Deep Dive |
| CVE-2025-22782 | WordPress WR Price List Manager For Woocommerce plugin <= 1.0.8 - Remote Code Execution (RCE) vulnerability | Web Ready Now | WR Price List Manager For Woocommerce | Critical | 9.9 | 2025-01-15 15:23:13 | Deep Dive |
| CVE-2024-11851 | NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Transient Update | nitropack | NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization | Medium | 4.3 | 2025-01-15 11:29:53 | Deep Dive |
| CVE-2024-11848 | NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update | nitropack | NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization | High | 8.1 | 2025-01-15 11:24:36 | Deep Dive |
| CVE-2024-13255 | RESTful Web Services - Critical - Access bypass - SA-CONTRIB-2024-019 | Drupal | RESTful Web Services | Medium | - | 2025-01-09 19:00:43 | Deep Dive |
| CVE-2025-22504 | WordPress 4ECPS Web Forms Plugin <= 0.2.18 - Arbitrary File Upload vulnerability | jumpdemand | 4ECPS Web Forms | Critical | 10.0 | 2025-01-09 15:39:29 | Deep Dive |
| CVE-2024-12122 | ResAds <= 2.0.6 - Reflected Cross-Site Scripting via Multiple Parameters | web-mv | ResAds | Medium | 6.1 | 2025-01-09 11:10:54 | Deep Dive |
| CVE-2024-12590 | WP Youtube Gallery <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | india-web-developer | WP Youtube Gallery | Medium | 6.4 | 2025-01-07 03:21:53 | Deep Dive |
| CVE-2023-23672 | WordPress GiveWP plugin <= 2.25.1 - Arbitrary Content Deletion vulnerability | Liquid Web / StellarWP | GiveWP | Medium | 5.4 | 2025-01-02 15:06:38 | Deep Dive |
| CVE-2024-56018 | WordPress BU Section Editing Plugin <= 0.9.9 - Reflected Cross Site Scripting (XSS) vulnerability | BU Web Team | BU Section Editing | High | 7.1 | 2025-01-02 12:01:11 | Deep Dive |
| CVE-2024-47924 | Boa web server – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Boa web | Boa web | High | 7.5 | 2024-12-30 10:04:03 | Deep Dive |
| CVE-2024-47922 | Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | Priority | PRI WEB | High | 7.5 | 2024-12-30 09:50:54 | Deep Dive |
| CVE-2024-11682 | G Web Pro Store Locator <= 2.1 - Reflected Cross-Site Scripting | moonheart | G Web Pro Store Locator | Medium | 6.1 | 2024-12-21 07:03:03 | Deep Dive |
| CVE-2024-11811 | Feedify – Web Push Notifications <= 2.4.2 - Reflected Cross-Site Scripting | feedify | Feedify – Web Push Notifications | Medium | 6.1 | 2024-12-20 22:23:08 | Deep Dive |
| CVE-2024-10244 | SQLi in ISDO Software's Web Software | ISDO Software | Web Software | Critical | 9.8 | 2024-12-19 14:00:46 | Deep Dive |
| CVE-2024-54386 | WordPress Push Monkey Pro plugin <= 3.9 - CSRF to Stored XSS vulnerability | pushmonkey | Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart | High | 7.1 | 2024-12-16 14:14:08 | Deep Dive |
| CVE-2024-54317 | WordPress Web Stories plugin <= 1.37.0 - Cross Site Scripting (XSS) vulnerability | - | Web Stories | Medium | 6.5 | 2024-12-13 14:25:25 | Deep Dive |
| CVE-2024-54288 | WordPress LDD Directory Lite plugin <= 3.3 - Reflected Cross Site Scripting (XSS) vulnerability | LDD Web Design | LDD Directory Lite | High | 7.1 | 2024-12-13 14:25:05 | Deep Dive |