| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-14312 | Advance WP Query Search Filter <= 1.0.10 - Reflected XSS via counter | Unknown | Advance WP Query Search Filter | Medium | - | 2025-12-30 06:00:04 | Deep Dive |
| CVE-2025-14298 | FiboSearch – Ajax Search for WooCommerce <= 1.32.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via thegem_te_search Shortcode | damian-gora | FiboSearch – Ajax Search for WooCommerce | Medium | 5.4 | 2025-12-20 08:22:11 | Deep Dive |
| CVE-2025-54045 | WordPress CM On Demand Search And Replace plugin <= 1.5.5 - Broken Access Control vulnerability | CreativeMindsSolutions | CM On Demand Search And Replace | Medium | 4.3 | 2025-12-16 08:12:46 | Deep Dive |
| CVE-2025-13840 | BUKAZU Search widget <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'shortcode' Shortcode Attribute | bobvanoorschot | Bukazu Search Widget | Medium | 6.4 | 2025-12-12 03:20:52 | Deep Dive |
| CVE-2025-63069 | WordPress Ivory Search plugin <= 5.5.12 - Broken Access Control vulnerability | Vinod Dalvi | Ivory Search | - | - | 2025-12-09 14:52:35 | Deep Dive |
| CVE-2025-42891 | Missing Authorization check in SAP Enterprise Search for ABAP | SAP_SE | SAP Enterprise Search for ABAP | Medium | 5.5 | 2025-12-09 02:15:19 | Deep Dive |
| CVE-2025-12091 | Search, Filters & Merchandising for WooCommerce <= 3.0.67 - Missing Authorization to Authenticated (Subscriber+) Plugin Deactivation | instantsearchplus | Search, Filters & Merchandising for WooCommerce | Medium | 4.3 | 2025-12-06 05:49:35 | Deep Dive |
| CVE-2025-13653 | Unauthorized access to documents in data streams with specially crafted requests | floragunn | Search Guard FLX | Medium | 4.3 | 2025-12-01 18:02:01 | Deep Dive |
| CVE-2025-10646 | Search Exclude <= 2.5.7 – Missing Authorization to Authenticated (Contributor+) Search Settings Modification via REST API | quadlayers | Search Exclude | Medium | 4.3 | 2025-11-25 03:27:43 | Deep Dive |
| CVE-2025-12964 | Magical Products Display <= 1.1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via MPD Pricing Table Widget | nalam-1 | Magical Shop Builder – WooCommerce Template Builder for Elementor \| Shop, Cart, Checkout & Product Page Builder | Medium | 6.4 | 2025-11-21 09:27:01 | Deep Dive |
| CVE-2025-12149 | Unauthorized access to documents protected by Document-Level Security (DLS), when Signals watches include a search query involving protected documents | floragunn | Search Guard FLX | Medium | - | 2025-11-14 13:58:43 | Deep Dive |
| CVE-2025-12928 | code-projects Online Job Search Engine login.php sql injection | code-projects | Online Job Search Engine | High | 7.3 | 2025-11-10 03:02:07 | Deep Dive |
| CVE-2025-62064 | WordPress Search & Go theme <= 2.7 - Broken Authentication vulnerability | Elated-Themes | Search & Go | Medium | - | 2025-11-06 15:55:52 | Deep Dive |
| CVE-2025-60194 | WordPress Premmerce Product Search for WooCommerce plugin <= 2.2.4 - Local File Inclusion vulnerability | Premmerce | Premmerce Product Search for WooCommerce | High | 7.5 | 2025-11-06 15:54:51 | Deep Dive |
| CVE-2025-48086 | WordPress Ajax Search Lite plugin <= 4.13.3 - PHP Object Injection vulnerability | wpdreams | Ajax Search Lite | Medium | 5.5 | 2025-11-06 15:53:43 | Deep Dive |
| CVE-2025-12148 | Unauthorized access to fields protected by Field Masking (FM) for fields of type IP | floragunn | Search Guard FLX | - | - | 2025-10-29 15:31:32 | Deep Dive |
| CVE-2025-12147 | Unauthorized access to fields protected by Field-Level Security (FLS) when those fields are members of an object | floragunn | Search Guard FLX | - | - | 2025-10-29 15:29:54 | Deep Dive |
| CVE-2025-64290 | WordPress Premmerce Product Search for WooCommerce plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability | Premmerce | Premmerce Product Search for WooCommerce | Medium | 4.3 | 2025-10-29 08:38:15 | Deep Dive |
| CVE-2025-64289 | WordPress Premmerce Product Search for WooCommerce plugin <= 2.2.5 - Cross Site Scripting (XSS) vulnerability | Premmerce | Premmerce Product Search for WooCommerce | - | - | 2025-10-29 08:38:15 | Deep Dive |
| CVE-2025-48099 | WordPress Search & Filter plugin <= 1.2.17 - Cross Site Request Forgery (CSRF) to Open Redirect vulnerability | Code Amp | Search & Filter | - | - | 2025-10-22 14:32:07 | Deep Dive |