| CVE-2025-3919 | WordPress Comments Import & Export <= 2.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | webtoffee | Comments Import & Export | Medium | 6.4 | 2025-06-02 22:22:36 | Deep Dive |
| CVE-2025-4963 | WP Extended <= 3.0.15 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | wpextended | The Ultimate WordPress Toolkit – WP Extended | Medium | 6.4 | 2025-05-28 09:22:14 | Deep Dive |
| CVE-2025-31912 | WordPress Enzio - Responsive Business WordPress Theme theme < 1.2.6 - Local File Inclusion vulnerability | gavias | Enzio - Responsive Business WordPress Theme | High | 8.1 | 2025-05-23 12:44:04 | Deep Dive |
| CVE-2025-31914 | WordPress Pixel Form BuilderPlugin & Autoresponder plugin <= 1.0.2 - SQL Injection Vulnerability | kamleshyadav | Pixel WordPress Form BuilderPlugin & Autoresponder | Critical | 9.3 | 2025-05-23 12:44:03 | Deep Dive |
| CVE-2025-32292 | WordPress Jarvis – Night Club, Concert, Festival WordPress theme <= 1.8.11 - PHP Object Injection Vulnerability | AncoraThemes | Jarvis – Night Club, Concert, Festival WordPress | Critical | 9.8 | 2025-05-23 12:43:58 | Deep Dive |
| CVE-2025-47658 | WordPress ELEX HelpDesk & Customer Ticketing System plugin <= 3.2.9 - Arbitrary File Upload vulnerability | ELEXtensions | ELEX WordPress HelpDesk & Customer Ticketing System | Critical | 9.9 | 2025-05-23 12:43:23 | Deep Dive |
| CVE-2025-47670 | WordPress Social Login and Register plugin <= 7.6.10 - Local File Inclusion Vulnerability | miniOrange | WordPress Social Login and Register | High | 8.1 | 2025-05-23 12:43:22 | Deep Dive |
| CVE-2025-5096 | TablePress <= 3.1.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Parameters | tobiasbg | TablePress – Tables in WordPress made easy | Medium | 6.4 | 2025-05-23 08:23:40 | Deep Dive |
| CVE-2025-4803 | Glossary by WPPedia <= 1.3.0 - Authenticated (Administrator+) PHP Object Injection | steinrein | Glossary by WPPedia – Best Glossary plugin for WordPress | High | 7.2 | 2025-05-21 09:21:50 | Deep Dive |
| CVE-2025-4611 | Slim SEO <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via slim_seo_breadcrumbs Shortcode | rilwis | Slim SEO – A Fast & Automated SEO Plugin For WordPress | Medium | 6.4 | 2025-05-21 09:21:50 | Deep Dive |
| CVE-2025-4524 | Madara – Responsive and modern WordPress theme for manga sites <= 2.2.2 - Unauthenticated Local File Inclusion | WPStylish | Madara – Responsive and modern WordPress theme for manga sites | Critical | 9.8 | 2025-05-21 06:39:46 | Deep Dive |
| CVE-2025-4094 | Digits < 8.4.6.1 - Auth Bypass via OTP Bruteforcing | Unknown | DIGITS: WordPress Mobile Number Signup and Login | - | - | 2025-05-21 06:00:09 | Deep Dive |
| CVE-2025-4322 | Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover | StylemixThemes | Motors - Car Dealer, Rental & Listing WordPress theme | Critical | 9.8 | 2025-05-20 05:30:48 | Deep Dive |
| CVE-2025-39372 | WordPress WordPress Events Calendar Registration & Tickets plugin <= 2.6.0 - Reflected Cross Site Scripting (XSS) vulnerability | elbisnero | WordPress Events Calendar Registration & Tickets | High | 7.1 | 2025-05-19 19:38:06 | Deep Dive |
| CVE-2025-39409 | WordPress WordPress Video Robot - The Ultimate Video Importer plugin <= 1.20.0 - Reflected Cross Site Scripting (XSS) vulnerability | pressaholic | WordPress Video Robot - The Ultimate Video Importer | High | 7.1 | 2025-05-19 19:03:43 | Deep Dive |
| CVE-2025-39411 | WordPress WhatsApp Click to Chat Plugin for WordPress plugin <= 2.2.12 - Local File Inclusion vulnerability | Indie_Plugins | WhatsApp Click to Chat Plugin for WordPress | High | 7.5 | 2025-05-19 18:58:02 | Deep Dive |
| CVE-2025-47581 | WordPress WordPress Events Calendar Registration & Tickets plugin <= 2.6.0 - PHP Object Injection vulnerability | elbisnero | WordPress Events Calendar Registration & Tickets | Critical | 9.8 | 2025-05-19 18:13:45 | Deep Dive |
| CVE-2025-47582 | WordPress WPBot Pro Wordpress Chatbot <= 12.7.0 - PHP Object Injection Vulnerability | QuantumCloud | WPBot Pro Wordpress Chatbot | Critical | 9.8 | 2025-05-19 18:12:08 | Deep Dive |
| CVE-2025-46262 | WordPress Mad Mimi for WordPress plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability | Zack Katz | Mad Mimi for WordPress | Medium | 6.5 | 2025-05-19 17:06:24 | Deep Dive |
| CVE-2025-39376 | WordPress Car Park Booking System for WordPress plugin <= 2.6 - Broken Access Control vulnerability | QuanticaLabs | Car Park Booking System for WordPress | Medium | 4.3 | 2025-05-19 16:46:42 | Deep Dive |