| CVE-2025-50010 | WordPress Zapier for WordPress plugin <= 1.5.2 - Broken Access Control Vulnerability | Zapier | Zapier for WordPress | Medium | 5.4 | 2025-06-20 15:04:04 | Deep Dive |
| CVE-2025-50050 | WordPress Jobs for WordPress plugin <= 2.7.14 - Cross Site Scripting (XSS) Vulnerability | BlueGlass Interactive AG | Jobs for WordPress | Medium | 6.5 | 2025-06-20 15:03:47 | Deep Dive |
| CVE-2025-4965 | WPBakery Page Builder <= 8.4.1 - Authenticated (Author+) Stored Cross-Site Scripting via Grid Builder | wpbakery | WPBakery Page Builder | Medium | 6.4 | 2025-06-19 06:44:49 | Deep Dive |
| CVE-2025-1562 | Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.3 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation | amans2k | FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce | Critical | 9.8 | 2025-06-18 07:22:44 | Deep Dive |
| CVE-2025-48333 | WordPress eForm - WordPress Form Builder < 4.19.1 - Cross Site Scripting (XSS) Vulnerability | WPQuark | eForm - WordPress Form Builder | High | 7.1 | 2025-06-17 15:01:43 | Deep Dive |
| CVE-2025-49312 | WordPress Echo RSS Feed Post Generator Plugin for WordPress plugin <= 5.4.8.1 - Reflected Cross Site Scripting (XSS) vulnerability | CodeRevolution | Echo RSS Feed Post Generator Plugin for WordPress | High | 7.1 | 2025-06-17 15:01:24 | Deep Dive |
| CVE-2025-4775 | WordPress Infinite Scroll – Ajax Load More <= 7.4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | dcooney | Ajax Load More – Infinite Scroll, Load More, & Lazy Load | Medium | 6.4 | 2025-06-17 01:44:11 | Deep Dive |
| CVE-2025-4200 | Zagg - Electronics & Accessories WooCommerce WordPress Theme <= 1.4.1 - Unauthenticated Local File Inclusion | BZOTheme | Zagg - Electronics & Accessories WooCommerce WordPress Theme | High | 8.1 | 2025-06-14 08:23:24 | Deep Dive |
| CVE-2025-4187 | UserPro - Community and User Profile WordPress Plugin <= 5.1.10 - Unauthenticated Arbitrary File Read | - | UserPro - Community and User Profile WordPress Plugin | Medium | 5.9 | 2025-06-14 08:23:23 | Deep Dive |
| CVE-2025-5487 | AutomatorWP <= 5.2.5 - Authenticated (Administrator+) SQL Injection via field_conditions | rubengc | AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress | High | 7.2 | 2025-06-14 06:41:28 | Deep Dive |
| CVE-2025-6003 | WordPress Single Sign-On (SSO) - Multiple Versions - Incorrect Authorization to Sensitive Information Exposure | cyberlord92 | WordPress Single Sign-On (SSO) - Single Site Standard | Medium | 5.3 | 2025-06-12 08:22:44 | Deep Dive |
| CVE-2025-5395 | WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.115.0 - Authenticated (Author+) Arbitrary File Upload | ValvePress | WordPress Automatic Plugin | High | 8.8 | 2025-06-11 06:39:47 | Deep Dive |
| CVE-2025-49455 | WordPress WordPress-WPJobBoard <= 25.07010000-WP6.8.1-JB5.11.5 - SQL Injection Vulnerability | ClickandPledge | WordPress-WPJobBoard | Critical | 9.3 | 2025-06-10 12:43:43 | Deep Dive |
| CVE-2025-4577 | Smash Balloon Custom Facebook Feed <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-color` Attribute | smub | Smash Balloon Social Post Feed – Simple Social Feeds for WordPress | Medium | 6.4 | 2025-06-10 11:22:53 | Deep Dive |
| CVE-2025-2918 | Ultimate Blocks – WordPress Blocks Plugin <= 3.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | ultimateblocks | Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor | Medium | 6.4 | 2025-06-10 11:22:52 | Deep Dive |
| CVE-2025-4601 | RH - Real Estate WordPress Theme <= 4.4.0 - Authenticated (Subscriber+) Privilege Escalation | InspiryThemes | RH - Real Estate WordPress Theme | High | 8.8 | 2025-06-10 03:41:38 | Deep Dive |
| CVE-2023-25999 | WordPress BodyCenter - Gym, Fitness WooCommerce WordPress Theme <= 2.4 - Local File Inclusion Vulnerability | snstheme | BodyCenter - Gym, Fitness WooCommerce WordPress Theme | High | 8.1 | 2025-06-09 15:56:59 | Deep Dive |
| CVE-2025-28945 | WordPress Valen - Sport, Fashion WooCommerce WordPress Theme <= 2.4 - Local File Inclusion Vulnerability | snstheme | Valen - Sport, Fashion WooCommerce WordPress Theme | High | 8.1 | 2025-06-09 15:56:51 | Deep Dive |
| CVE-2025-31396 | WordPress FLAP - Business WordPress Theme <= 1.5 - PHP Object Injection Vulnerability | themeton | FLAP - Business WordPress Theme | Critical | 9.8 | 2025-06-09 15:56:41 | Deep Dive |
| CVE-2025-32305 | WordPress FlatNews theme <= 5.8 - Reflected Cross Site Scripting (XSS) vulnerability | Sneeit | WordPress FlatNews Theme | High | 7.1 | 2025-06-09 15:54:18 | Deep Dive |