| CVE-2025-5339 | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Time-Based SQL Injection via 'bsa_pro_id' | scripteo | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager | High | 7.5 | 2025-07-02 03:47:26 | Deep Dive |
| CVE-2025-6437 | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated SQL Injection via oid | scripteo | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager | High | 7.5 | 2025-07-02 03:47:25 | Deep Dive |
| CVE-2025-5014 | Home Villas \| Real Estate WordPress Theme <= 2.8 - Authenticated (Subscriber+) Arbitrary File Deletion | Chimp Group | Home Villas \| Real Estate WordPress Theme | High | 8.8 | 2025-07-02 03:47:25 | Deep Dive |
| CVE-2025-4380 | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Inclusion | scripteo | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager | High | 8.1 | 2025-07-02 03:47:23 | Deep Dive |
| CVE-2025-6459 | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Cross-Site Request Forgery to PHP Code Injection in bsaCreateAdTemplate | scripteo | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager | High | 8.8 | 2025-07-02 03:47:22 | Deep Dive |
| CVE-2025-4381 | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated SQL Injection | scripteo | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager | High | 7.5 | 2025-07-02 03:47:22 | Deep Dive |
| CVE-2025-4689 | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Inclusion to Remote Code Execution | scripteo | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager | Critical | 9.8 | 2025-07-02 03:47:21 | Deep Dive |
| CVE-2025-6350 | WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress <= 8.5.32 - Authenticated (Contributor+) Stored Cross-Site Scripting | rextheme | WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress | Medium | 6.4 | 2025-06-28 03:22:00 | Deep Dive |
| CVE-2025-53317 | WordPress WPShapere Lite plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) Vulnerability | AcmeeDesign | WPShapere - WordPress admin theme | High | 7.1 | 2025-06-27 13:21:37 | Deep Dive |
| CVE-2025-53270 | WordPress CTA plugin <= 1.7.0 - Cross Site Request Forgery (CSRF) Vulnerability | Blend Media | WordPress CTA | Medium | 4.3 | 2025-06-27 13:21:14 | Deep Dive |
| CVE-2025-53260 | WordPress File Manager Plugin For Wordpress plugin <= 7.5 - Arbitrary File Upload Vulnerability | getredhawkstudio | File Manager Plugin For Wordpress | Critical | 9.1 | 2025-06-27 13:21:08 | Deep Dive |
| CVE-2025-28947 | WordPress MBStore - Digital WooCommerce WordPress Theme <= 2.3 - Local File Inclusion Vulnerability | snstheme | MBStore - Digital WooCommerce WordPress Theme | High | 8.1 | 2025-06-27 11:52:44 | Deep Dive |
| CVE-2025-52811 | WordPress Davenport - Versatile Blog and Magazine WordPress Theme <= 1.3 - Local File Inclusion Vulnerability | Creanncy | Davenport - Versatile Blog and Magazine WordPress Theme | High | 8.1 | 2025-06-27 11:52:20 | Deep Dive |
| CVE-2023-25998 | WordPress Samex - Clean, Minimal Shop WooCommerce WordPress Theme <= 2.6 - Local File Inclusion Vulnerability | snstheme | Samex - Clean, Minimal Shop WooCommerce WordPress Theme | High | 8.1 | 2025-06-27 11:52:13 | Deep Dive |
| CVE-2024-12827 | DWT - Directory & Listing WordPress Theme <= 3.3.6 - Unauthenticated Arbitrary User Password Reset | scriptsbundle | DWT - Directory & Listing WordPress Theme | Critical | 9.8 | 2025-06-27 08:23:58 | Deep Dive |
| CVE-2025-4587 | A/B Testing for WordPress <= 1.18.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | johnjamesjacoby | A/B Testing for WordPress | Medium | 6.4 | 2025-06-27 07:22:22 | Deep Dive |
| CVE-2025-6488 | isMobile <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via device Parameter | jairoochoa | isMobile() Shortcode for WordPress | Medium | 6.4 | 2025-06-27 04:25:30 | Deep Dive |
| CVE-2025-5275 | Charitable <= 1.8.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Privacy Settings | smub | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | Medium | 4.4 | 2025-06-26 02:22:22 | Deep Dive |
| CVE-2025-5143 | TableOn – WordPress Posts Table Filterable <= 1.0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via tableon_popup_iframe_button Shortcode | realmag777 | TableOn – WordPress Posts Table Filterable | Medium | 6.4 | 2025-06-21 06:42:49 | Deep Dive |
| CVE-2025-49974 | WordPress UpStream: a Project Management Plugin for WordPress plugin <= 2.1.1 - Broken Access Control Vulnerability | upstreamplugin | UpStream: a Project Management Plugin for WordPress | Medium | 4.3 | 2025-06-20 15:04:17 | Deep Dive |