| CVE-2025-29005 | WordPress HR Management Lite plugin <= 3.6 - Cross Site Request Forgery (CSRF) vulnerability | Weblizar - WordPress Themes & Plugin | HR Management Lite | Medium | 4.3 | 2025-06-06 12:54:27 | Deep Dive |
| CVE-2025-30938 | WordPress Broadly for WordPress plugin <= 3.0.2 - Cross Site Scripting (XSS) Vulnerability | broadly | Broadly for WordPress | Medium | 5.9 | 2025-06-06 12:54:16 | Deep Dive |
| CVE-2025-49329 | WordPress Store Locator WordPress plugin <= 1.5.2 - Arbitrary File Upload Vulnerability | Agile Logix | Store Locator WordPress | Medium | 6.6 | 2025-06-06 12:53:58 | Deep Dive |
| CVE-2025-49328 | WordPress Store Locator WordPress plugin <= 1.5.1 - SQL Injection Vulnerability | Agile Logix | Store Locator WordPress | High | 7.6 | 2025-06-06 12:53:57 | Deep Dive |
| CVE-2025-5239 | Domain For Sale <= 3.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via class_name Parameter | themeatelier | Domain For Sale – Sell Domains with Landing Pages, Offers & Inquiries | Medium | 6.4 | 2025-06-06 11:13:17 | Deep Dive |
| CVE-2025-5760 | Simple History <= 5.8.1 - Authenticated (Administrator+) Sensitive Information Exposure via Detective Mode | eskapism | Simple History – Track, Log, and Audit WordPress Changes | Medium | 4.9 | 2025-06-06 11:13:16 | Deep Dive |
| CVE-2025-5018 | Hive Support <= 1.2.5 - Authenticated (Subscriber+) Missing Authorization via hs_update_ai_chat_settings and hive_lite_support_get_all_binbox | hivesupport | Hive Support | AI-Powered Help Desk, Live Chat and Chatbot | High | 7.1 | 2025-06-06 06:42:51 | Deep Dive |
| CVE-2025-5586 | WordPress Ajax Load More and Infinite Scroll <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | tushargohel | WordPress Ajax Load More and Infinite Scroll | Medium | 6.4 | 2025-06-06 06:42:50 | Deep Dive |
| CVE-2025-5534 | ESV Bible Shortcode for WordPress <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | calebzahnd | ESV Bible Shortcode for WordPress | Medium | 6.4 | 2025-06-06 06:42:49 | Deep Dive |
| CVE-2025-5019 | Hive Support <= 1.2.5 - Cross-Site Request Forgery via hs_update_ai_chat_settings Function | hivesupport | Hive Support | AI-Powered Help Desk, Live Chat and Chatbot | Medium | 5.4 | 2025-06-06 06:42:49 | Deep Dive |
| CVE-2025-5539 | Simplify Contact Management: WP Easy Contact <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | emarket-design | Simple Contact Form Plugin for WordPress – WP Easy Contact | Medium | 6.4 | 2025-06-04 04:22:42 | Deep Dive |
| CVE-2025-5532 | Faculty Staff and Student Directory Plugin – Campus Directory <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | emarket-design | Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress | Medium | 6.4 | 2025-06-04 03:40:59 | Deep Dive |
| CVE-2025-5531 | Staff Directory – Employee Directory for WordPress <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | emarket-design | Employee Directory – Staff & Team Directory | Medium | 6.4 | 2025-06-04 03:40:58 | Deep Dive |
| CVE-2025-4420 | Vayu Blocks <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via containerWidth Parameter | themehunk | Vayu Blocks – Website Builder for the Block Editor | Medium | 6.4 | 2025-06-03 08:21:53 | Deep Dive |
| CVE-2025-1725 | Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Uploads | bitpressadmin | File Manager | Medium | 6.4 | 2025-06-03 08:21:52 | Deep Dive |
| CVE-2025-3662 | FancyBox for WordPress < 3.3.6 - Unauthenticated Stored XSS | Unknown | FancyBox for WordPress | - | - | 2025-06-03 06:00:17 | Deep Dive |
| CVE-2025-4797 | Golo <= 1.7.0 - Authentication Bypass to Account Takeover | uxper | Golo - City Travel Guide WordPress Theme | Critical | 9.8 | 2025-06-03 04:22:16 | Deep Dive |
| CVE-2025-3919 | WordPress Comments Import & Export <= 2.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | webtoffee | Comments Import & Export | Medium | 6.4 | 2025-06-02 22:22:36 | Deep Dive |
| CVE-2025-4963 | WP Extended <= 3.0.15 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | wpextended | The Ultimate WordPress Toolkit – WP Extended | Medium | 6.4 | 2025-05-28 09:22:14 | Deep Dive |
| CVE-2025-31633 | WordPress Kiamo - Responsive Business Service WordPress Theme <= 1.3.3 - Local File Inclusion Vulnerability | gavias | Kiamo - Responsive Business Service WordPress Theme | High | 8.1 | 2025-05-23 12:44:05 | Deep Dive |