| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-4951 | Rapid7 AppSpider Pro Security Vulnerability | Rapid7 | AppSpider Pro | Medium | 4.6 | 2025-05-20 08:39:38 | Deep Dive |
| CVE-2025-47582 | WordPress WPBot Pro Wordpress Chatbot <= 12.7.0 - PHP Object Injection Vulnerability | QuantumCloud | WPBot Pro Wordpress Chatbot | Critical | 9.8 | 2025-05-19 18:12:08 | Deep Dive |
| CVE-2025-3527 | EventON - WordPress Virtual Event Calendar Plugin <= 4.9.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | EventON | EventON (Pro) - WordPress Virtual Event Calendar Plugin | Medium | 6.4 | 2025-05-17 11:17:16 | Deep Dive |
| CVE-2025-3812 | WPBot Pro Wordpress Chatbot <= 13.6.2 - Authenticated (Subscriber+) Arbitrary File Deletion | QuantumCloud | WPBot Pro Wordpress Chatbot | High | 8.1 | 2025-05-17 05:30:34 | Deep Dive |
| CVE-2025-32287 | WordPress Responsive HTML5 Audio Player PRO With Playlist plugin <= 3.5.7 - SQL Injection Vulnerability | LambertGroup | Responsive HTML5 Audio Player PRO With Playlist | High | 8.5 | 2025-05-16 15:45:33 | Deep Dive |
| CVE-2025-32295 | WordPress Salon Booking Wordpress plugin <= 10.10.2 - Broken Access Control vulnerability | wordpresschef | Salon Booking Pro | Medium | 4.3 | 2025-05-16 15:45:31 | Deep Dive |
| CVE-2025-32301 | WordPress CountDown Pro WP Plugin <= 2.7 - SQL Injection Vulnerability | LambertGroup | CountDown Pro WP Plugin | High | 8.5 | 2025-05-16 15:45:30 | Deep Dive |
| CVE-2025-46464 | WordPress Ads Pro plugin <= 5.0 - Cross Site Scripting (XSS) vulnerability | scripteo | Ads Pro | Medium | 6.5 | 2025-05-16 15:45:22 | Deep Dive |
| CVE-2023-2334 | Easy Digital Downloads Google Sheet Connector < 1.6.6 - Access Code Update via CSRF | Unknown | edd-google-sheet-connector-pro | - | - | 2025-05-15 20:08:57 | Deep Dive |
| CVE-2024-6690 | WP Content Copy Protection & No Right Click (premium) < 15.3 - Open Redirect | Unknown | wccp-pro | - | - | 2025-05-15 20:07:09 | Deep Dive |
| CVE-2024-6693 | WP Content Copy Protection & No Right Click (premium) <= 15.0 - Admin+ Stored XSS | Unknown | wccp-pro | - | - | 2025-05-15 20:07:09 | Deep Dive |
| CVE-2025-4396 | Relevanssi <= 4.24.4 (Free) and <= 2.27.5 (Premium) - Unauthenticated SQL Injection | Relevanssi | Relevanssi Premium | High | 7.5 | 2025-05-13 03:21:30 | Deep Dive |
| CVE-2025-4377 | Path traversal vulnerability in Sparx Pro Cloud Server WebEA webconfig in logview.php | Sparx Systems | Pro Cloud Server | - | - | 2025-05-09 05:12:59 | Deep Dive |
| CVE-2025-4376 | Cross-Site Scripting vulnerability in Model Search in Pro Cloud Server's WebEA | Sparx Systems | Pro Cloud Server | - | - | 2025-05-09 05:12:54 | Deep Dive |
| CVE-2025-4375 | Cross-Site Request Forgery vulnerability in Pro Cloud Server's WebEA | Sparx Systems | Pro Cloud Server | - | - | 2025-05-09 05:12:49 | Deep Dive |
| CVE-2025-47545 | WordPress Poll Maker plugin <= 5.7.7 - Race Condition Vulnerability | Ays Pro | Poll Maker | Medium | 5.3 | 2025-05-07 14:20:17 | Deep Dive |
| CVE-2025-1909 | BuddyBoss Platform Pro <= 2.7.01 - Authentication Bypass via Apple OAuth provider | BuddyBoss | BuddyBoss Platform Pro | Critical | 9.8 | 2025-05-05 19:42:26 | Deep Dive |
| CVE-2025-4204 | Ultimate Auction Pro <= 1.5.2 - Unauthenticated SQL Injection via 'auction_id' | Inception Software LLP | Ultimate Auction Pro | High | 7.5 | 2025-05-02 12:23:39 | Deep Dive |
| CVE-2024-13322 | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.88 - Unauthenticated SQL Injection | scripteo | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager | High | 7.5 | 2025-05-02 03:21:19 | Deep Dive |
| CVE-2024-13808 | Xpro Elementor Addons - Pro <= 1.4.9 - Authenticated (Contributor+) Remote Code Execution | WPXpro | Xpro Elementor Addons - Pro | High | 8.8 | 2025-04-26 04:22:37 | Deep Dive |