| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-3284 | User Registration & Membership PRO – Custom Registration Form, Login Form, and User Profile <= 5.1.3 - Cross-Site Request Forgery to User Deletion | WPEverest | User Registration PRO – Custom Registration Form, Login Form, and User Profile WordPress Plugin | Medium | 4.3 | 2025-04-19 02:22:33 | Deep Dive |
| CVE-2025-32377 | Rasa Pro Missing Authentication For Voice Connector APIs | RasaHQ | rasa-pro-security-advisories | Medium | 6.5 | 2025-04-18 19:59:32 | Deep Dive |
| CVE-2025-24577 | WordPress Poll Maker plugin <= 5.5.0 - Broken Access Control vulnerability | Ays Pro | Poll Maker | Medium | 6.5 | 2025-04-17 15:48:21 | Deep Dive |
| CVE-2025-27285 | WordPress Easy Form by AYS Plugin <= 2.6.9 - Reflected Cross Site Scripting (XSS) vulnerability | Ays Pro | Easy Form | High | 7.1 | 2025-04-17 15:48:09 | Deep Dive |
| CVE-2025-27345 | WordPress Booking Ultra Pro Plugin <= 1.1.19 - Reflected Cross Site Scripting (XSS) vulnerability | Deetronix | Booking Ultra Pro | High | 7.1 | 2025-04-17 15:47:54 | Deep Dive |
| CVE-2025-39562 | WordPress Payment Form for PayPal Pro plugin <= 1.1.72 - Cross Site Scripting (XSS) Vulnerability | codepeople | Payment Form for PayPal Pro | - | - | 2025-04-17 15:46:49 | Deep Dive |
| CVE-2025-31338 | Wisdom Master Pro - Missing Authorization | SUNNET Technology Co., Ltd. | Wisdom Master Pro | - | - | 2025-04-17 02:01:46 | Deep Dive |
| CVE-2025-31339 | Wisdom Master Pro - Unrestricted Upload of File with Dangerous Type | SUNNET Technology Co., Ltd. | Wisdom Master Pro | - | - | 2025-04-17 02:00:48 | Deep Dive |
| CVE-2025-31340 | Wisdom Master Pro - Improper Control of Filename for Include/Require Statement in PHP Program | SUNNET Technology Co., Ltd. | Wisdom Master Pro | - | - | 2025-04-17 01:59:57 | Deep Dive |
| CVE-2025-3104 | WP Staging Pro <= 6.1.2 - Unauthenticated Information Exposure via getOutdatedPluginsRequest Function | WPStaging | WP STAGING Pro WordPress Backup Plugin | Medium | 5.3 | 2025-04-16 08:22:17 | Deep Dive |
| CVE-2025-3546 | H3C Magic BE18000 HTTP POST Request getLanguage FCGI_CheckStringIfContainsSemicolon command injection | H3C | Magic NX15 | High | 8.0 | 2025-04-14 01:31:07 | Deep Dive |
| CVE-2025-3545 | H3C Magic BE18000 HTTP POST Request setLanguage FCGI_CheckStringIfContainsSemicolon command injection | H3C | Magic NX15 | High | 8.0 | 2025-04-14 01:00:09 | Deep Dive |
| CVE-2025-3544 | H3C Magic BE18000 HTTP POST Request getCapabilityWeb FCGI_CheckStringIfContainsSemicolon command injection | H3C | Magic NX15 | High | 8.0 | 2025-04-14 00:31:08 | Deep Dive |
| CVE-2025-3543 | H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request setsyncpppoecfg FCGI_WizardProtoProcess command injection | H3C | Magic NX15 | High | 8.0 | 2025-04-14 00:00:12 | Deep Dive |
| CVE-2025-3541 | H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getSpecs FCGI_WizardProtoProcess command injection | H3C | Magic NX15 | High | 8.0 | 2025-04-13 23:00:15 | Deep Dive |
| CVE-2025-3540 | H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getCapability FCGI_WizardProtoProcess command injection | H3C | Magic NX15 | High | 8.0 | 2025-04-13 22:31:07 | Deep Dive |
| CVE-2025-3539 | H3C Magic BE18000 HTTP POST Request getBasicInfo FCGI_CheckStringIfContainsSemicolon command injection | H3C | Magic NX15 | High | 8.0 | 2025-04-13 22:00:13 | Deep Dive |
| CVE-2025-32656 | WordPress Testimonial Slider and Showcase Pro plugin <= 2.3.15 - Local File Inclusion vulnerability | RadiusTheme | Testimonial Slider And Showcase Pro | High | 8.1 | 2025-04-11 08:43:02 | Deep Dive |
| CVE-2025-32107 | TP-LINK Deco BE65 Pro 操作系统命令注入漏洞 | TP-Link Corporation Limited | Deco BE65 Pro | - | - | 2025-04-11 08:17:59 | Deep Dive |
| CVE-2025-32275 | WordPress Survey Maker plugin <= 5.1.6.3 - Bypass vulnerability | Ays Pro | Survey Maker | - | - | 2025-04-10 08:09:48 | Deep Dive |