| CVE-2025-3923 | Prevent Direct Access – Protect WordPress Files <= 2.8.8 - Unauthenticated Sensitive Information Exposure | buildwps | Prevent Direct Access – Protect WordPress Files | Medium | 5.3 | 2025-04-25 05:25:08 | Deep Dive |
| CVE-2025-3861 | Prevent Direct Access 2.8.6 - 2.8.8.2 - Incorrect Authorization to Authenticated (Contributor+) Multiple Media Actions | buildwps | Prevent Direct Access – Protect WordPress Files | Medium | 5.4 | 2025-04-25 05:25:07 | Deep Dive |
| CVE-2025-1294 | eForm <= 4.18.0 - Unauthenticated Stored Cross-Site Scripting | WPQuark | eForm - WordPress Form Builder | High | 7.2 | 2025-04-24 22:22:15 | Deep Dive |
| CVE-2025-46533 | WordPress Landing pages and Domain aliases for WordPress plugin <= 0.8 - Cross Site Scripting (XSS) Vulnerability | wpdrift.no | Landing pages and Domain aliases for WordPress | Medium | 5.9 | 2025-04-24 16:09:17 | Deep Dive |
| CVE-2024-13307 | Reales WP - Real Estate WordPress Theme <= 2.1.2 - Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updates | pixel_prime | Reales WP - Real Estate WordPress Theme | Medium | 5.3 | 2025-04-24 08:23:51 | Deep Dive |
| CVE-2025-3530 | WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Product Price Manipulation | mra13 | Simple Shopping Cart | High | 7.5 | 2025-04-23 07:06:50 | Deep Dive |
| CVE-2025-3529 | WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Information Exposure via file_url Parameter | mra13 | Simple Shopping Cart | High | 8.2 | 2025-04-23 07:06:49 | Deep Dive |
| CVE-2021-4455 | Wordpress Plugin Smart Product Review <= 1.0.4 - Unauthenticated Arbitrary File Upload | Codeflist | Wordpress Plugin Smart Product Review | Critical | 9.8 | 2025-04-19 07:23:39 | Deep Dive |
| CVE-2025-1093 | AIHub <= 1.3.7 - Unauthenticated Arbitrary File Upload in generate_image | LiquidThemes | AI Hub - Startup & Technology WordPress Theme | Critical | 9.8 | 2025-04-19 03:21:23 | Deep Dive |
| CVE-2025-3284 | User Registration & Membership PRO – Custom Registration Form, Login Form, and User Profile <= 5.1.3 - Cross-Site Request Forgery to User Deletion | WPEverest | User Registration PRO – Custom Registration Form, Login Form, and User Profile WordPress Plugin | Medium | 4.3 | 2025-04-19 02:22:33 | Deep Dive |
| CVE-2025-2162 | MapPress Maps for WordPress < 2.94.10 - Admin+ Stored XSS | Unknown | MapPress Maps for WordPress | Medium | - | 2025-04-18 06:00:08 | Deep Dive |
| CVE-2025-23906 | WordPress WordPress Dashboard Tweeter plugin <= 1.3.2 - Settings Change vulnerability | wpseek | WordPress Dashboard Tweeter | Medium | 6.5 | 2025-04-17 15:48:27 | Deep Dive |
| CVE-2025-24548 | WordPress Autoglot – Automatic WordPress Translation plugin <=2.4.7 - Reflected Cross Site Scripting (XSS) vulnerability | Autoglot | Autoglot – Automatic WordPress Translation | High | 7.1 | 2025-04-17 15:48:24 | Deep Dive |
| CVE-2025-24651 | WordPress WebToffee WP Backup and Migration plugin <= 1.5.3 - Sensitive Data Exposure vulnerability | WebToffee | WordPress Backup & Migration | - | - | 2025-04-17 15:48:14 | Deep Dive |
| CVE-2025-27291 | WordPress Photo Gallery – Image Gallery Plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability | uxgallery | WordPress Photo Gallery – Image Gallery | High | 7.1 | 2025-04-17 15:48:06 | Deep Dive |
| CVE-2025-32520 | WordPress WordPress Health and Server Condition plugin <= 4.1.1 - Reflected Cross Site Scripting (XSS) vulnerability | M. Ali Saleem | WordPress Health and Server Condition – Integrated with Google Page Speed | High | 7.1 | 2025-04-17 15:47:43 | Deep Dive |
| CVE-2025-32630 | WordPress WP-BusinessDirectory Plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability | CMSJunkie - WordPress Business Directory Plugins | WP-BusinessDirectory | High | 7.1 | 2025-04-17 15:47:12 | Deep Dive |
| CVE-2025-39417 | WordPress Redirect wordpress to welcome or landing page plugin <= 2.0 - CSRF to Stored XSS vulnerability | Eslam Mahmoud | Redirect wordpress to welcome or landing page | High | 7.1 | 2025-04-17 15:17:11 | Deep Dive |
| CVE-2025-39431 | WordPress Amazon Showcase WordPress Plugin plugin <= 2.2 - CSRF to XSS vulnerability | Aaron Forgue | Amazon Showcase WordPress Plugin | High | 7.1 | 2025-04-17 15:16:59 | Deep Dive |
| CVE-2025-3453 | Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products <= 2.7.7 - Unauthenticated Sensitive Information Exposure | saadiqbal | Password Protected — Lock Entire Site, Pages, Posts, Categories, and Partial Content | Medium | 5.3 | 2025-04-17 11:13:05 | Deep Dive |