| CVE-2025-7846 | WordPress User Extra Fields <= 16.7 - Authenticated (Subscriber+) Arbitrary File Deletion via save_fields Function | vanquish | WordPress User Extra Fields | High | 8.8 | 2025-10-31 06:42:56 | Deep Dive |
| CVE-2025-60211 | WordPress WooCommerce Registration Fields Plugin - Custom Signup Fields plugin <= 3.2.3 - Privilege Escalation vulnerability | extendons | WooCommerce Registration Fields Plugin - Custom Signup Fields | - | - | 2025-10-22 14:32:43 | Deep Dive |
| CVE-2025-60208 | WordPress Advanced Custom Fields : CPT Options Pages plugin <= 2.0.9 - Cross Site Request Forgery (CSRF) vulnerability | Tusko Trush | Advanced Custom Fields : CPT Options Pages | - | - | 2025-10-22 14:32:43 | Deep Dive |
| CVE-2025-49947 | WordPress WooCommerce Registration Fields Plugin - Custom Signup Fields plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability | extendons | WooCommerce Registration Fields Plugin - Custom Signup Fields | - | - | 2025-10-22 14:32:18 | Deep Dive |
| CVE-2025-11691 | PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated SQL Injection | themeisle | PPOM – Product Addons & Custom Fields for WooCommerce | High | 7.5 | 2025-10-18 06:42:49 | Deep Dive |
| CVE-2025-11391 | PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated Arbitrary File Upload | themeisle | PPOM – Product Addons & Custom Fields for WooCommerce | Critical | 9.8 | 2025-10-18 06:42:48 | Deep Dive |
| CVE-2025-10380 | Advanced Views – Display Posts, Custom Fields, and More <= 3.7.19 - Authenticated (Author+) Remote Code Execution via SSTI | wplakeorg | Advanced Views – Display Custom Fields (ACF, Pods, MetaBox), Posts, CPT and Woo Products anywhere in Gutenberg, Elementor, Divi, Beaver… | High | 8.8 | 2025-09-23 03:34:34 | Deep Dive |
| CVE-2025-58799 | WordPress Custom WooCommerce Checkout Fields Editor Plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability | themelocation | Custom WooCommerce Checkout Fields Editor | Medium | 4.3 | 2025-09-05 13:45:07 | Deep Dive |
| CVE-2025-54940 | WordPress plugin Advanced Custom Fields 代码注入漏洞 | WPEngine, Inc. | Advanced Custom Fields | 低危 | - | 2025-08-08 04:34:02 | Deep Dive |
| CVE-2012-10025 | WordPress Plugin Advanced Custom Fields <= 3.5.1 Remote File Inclusion | Advanced Custom Fields | WordPress Plugin | - | - | 2025-08-05 20:06:01 | Deep Dive |
| CVE-2025-7645 | Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) <= 3.2.8 - Unauthenticated Arbitrary File Deletion Triggered via Admin Form Submission Deletion | htplugins | Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) | High | 8.1 | 2025-07-22 06:38:50 | Deep Dive |
| CVE-2025-48150 | WordPress Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin plugin <= 4.48 - Broken Access Control Vulnerability | sminozzi | Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin | Medium | 4.3 | 2025-07-16 10:36:58 | Deep Dive |
| CVE-2025-50008 | WordPress WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily plugin <= 1.2.4.5 - Broken Access Control Vulnerability | cscode | WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily | Medium | 5.4 | 2025-06-20 15:04:05 | Deep Dive |
| CVE-2025-49291 | WordPress Calculated Fields Form plugin <= 5.3.58 - Cross Site Request Forgery (CSRF) Vulnerability | codepeople | Calculated Fields Form | Medium | 4.3 | 2025-06-06 12:53:45 | Deep Dive |
| CVE-2024-13382 | Calculated Fields Form < 5.2.64 - Admin+ Stored XSS | Unknown | Calculated Fields Form | - | - | 2025-05-15 20:07:01 | Deep Dive |
| CVE-2025-47504 | WordPress Custom Checkout Fields for WooCommerce plugin <= 1.8.3 - Cross Site Scripting (XSS) Vulnerability | WPFactory | Custom Checkout Fields for WooCommerce | Medium | 6.5 | 2025-05-07 14:19:58 | Deep Dive |
| CVE-2024-13381 | Calculated Fields Form < 5.2.62 - Admin+ Stored XSS | Unknown | Calculated Fields Form | - | - | 2025-05-01 06:00:03 | Deep Dive |
| CVE-2024-12273 | Calculated Fields Form < 5.2.62 - Admin+ Stored XSS | Unknown | Calculated Fields Form | - | - | 2025-04-29 06:00:02 | Deep Dive |
| CVE-2025-26746 | WordPress Advanced Custom Fields: Link Picker Field plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability | caalami | Advanced Custom Fields: Link Picker Field | High | 7.1 | 2025-04-15 21:53:10 | Deep Dive |
| CVE-2025-31752 | WordPress Bulk Fields Editor plugin <= 1.8.0 - Broken Access Control vulnerability | termel | Bulk Fields Editor | Medium | 4.3 | 2025-04-01 14:51:12 | Deep Dive |