| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-5931 | Dokan Pro <= 4.0.5 - Authenticated (Vendor+) Privilege Escalation | wedevs | Dokan Pro | High | 8.8 | 2025-08-26 05:07:47 | Deep Dive |
| CVE-2025-3055 | WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Deletion | wedevs | WP User Frontend Pro | High | 8.1 | 2025-06-05 05:23:01 | Deep Dive |
| CVE-2025-3054 | WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Upload | wedevs | WP User Frontend Pro | High | 8.8 | 2025-06-05 05:23:00 | Deep Dive |
| CVE-2025-47540 | WordPress weMail plugin <= 1.14.13 - Sensitive Data Exposure Vulnerability | weDevs | weMail | Medium | 5.3 | 2025-05-07 14:20:15 | Deep Dive |
| CVE-2025-39377 | WordPress Appsero Helper plugin <= 1.3.4 - SQL Injection vulnerability | weDevs | Appsero Helper | High | 8.5 | 2025-04-24 16:08:40 | Deep Dive |
| CVE-2025-2541 | WP Project Manager <= 2.6.22 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 6.4 | 2025-04-11 11:11:56 | Deep Dive |
| CVE-2025-3100 | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 6.4 | 2025-04-09 04:21:20 | Deep Dive |
| CVE-2025-32280 | WordPress WP Project Manager plugin < 2.6.25 - Cross Site Request Forgery (CSRF) Vulnerability | weDevs | WP Project Manager | Medium | 4.3 | 2025-04-04 15:59:49 | Deep Dive |
| CVE-2025-22649 | WordPress WP Project Manager plugin <= 2.6.22 - Cross Site Scripting (XSS) vulnerability | weDevs | WP Project Manager | Medium | 5.9 | 2025-03-27 15:05:39 | Deep Dive |
| CVE-2025-30896 | WordPress WP ERP plugin <= 1.13.4 - Broken Access Control vulnerability | weDevs | WP ERP | Medium | 5.4 | 2025-03-27 10:55:48 | Deep Dive |
| CVE-2024-13436 | Appsero Helper <= 1.3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting | wedevs | Appsero Helper | Medium | 6.1 | 2025-03-11 03:22:20 | Deep Dive |
| CVE-2024-11582 | Subscribe2 – Form, Email Subscribers & Newsletters <= 10.43 - Unauthenticated Stored Cross-Site Scripting via IP Parameter | wedevs | Subscribe2 – Form, Email Subscribers & Newsletters | High | 7.2 | 2025-02-19 03:21:12 | Deep Dive |
| CVE-2024-13500 | WP Project Manager <= 2.6.17 - Authenticated (Subscriber+) SQL Injection via orderby Parameter | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 6.5 | 2025-02-15 11:26:48 | Deep Dive |
| CVE-2024-13752 | WP Project Manager <= 2.6.17 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 6.5 | 2025-02-15 09:24:24 | Deep Dive |
| CVE-2024-12195 | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.16 - Authenticated (Subscriber+) SQL Injection | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 6.5 | 2025-01-04 11:24:20 | Deep Dive |
| CVE-2023-45765 | WordPress WP ERP plugin <= 1.12.6 - Broken Access Control vulnerability | weDevs | WP ERP | 中危 | - | 2025-01-02 11:59:54 | Deep Dive |
| CVE-2023-45002 | WordPress WP User Frontend plugin <= 3.6.8 - Broken Access Control vulnerability | weDevs | WP User Frontend | Medium | 4.3 | 2025-01-02 11:59:47 | Deep Dive |
| CVE-2024-10548 | WP Project Manager <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 6.5 | 2024-12-19 01:45:14 | Deep Dive |
| CVE-2023-40003 | WordPress WP Project Manager plugin <= 2.6.7 - Broken Access Control vulnerability | weDevs | WP Project Manager | 中危 | - | 2024-12-13 14:24:04 | Deep Dive |
| CVE-2024-12015 | SQL Injection in WordPress Project Manager Plugin | WeDevs | WP Project Manager | High | 7.7 | 2024-12-02 13:23:50 | Deep Dive |