| CVE-2025-39545 | WordPress REST API Authentication plugin <= 3.6.3 - Settings Change Vulnerability | miniOrange | WordPress REST API Authentication | Medium | 5.4 | 2025-04-16 12:44:39 | Deep Dive |
| CVE-2025-3104 | WP Staging Pro <= 6.1.2 - Unauthenticated Information Exposure via getOutdatedPluginsRequest Function | WPStaging | WP STAGING Pro WordPress Backup Plugin | Medium | 5.3 | 2025-04-16 08:22:17 | Deep Dive |
| CVE-2024-13338 | Webcraftic Clearfy – WordPress optimization plugin <= 2.3.1 - Cross-Site Request Forgery to Clear Cache | creativemotion | Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer | Medium | 5.3 | 2025-04-12 06:37:20 | Deep Dive |
| CVE-2024-13337 | Webcraftic Clearfy – WordPress optimization plugin <= 2.3.2 - Cross-Site Request Forgery to Plugin Settings Update via 'setup-wbcr_clearfy' | creativemotion | Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer | Medium | 4.3 | 2025-04-12 06:37:18 | Deep Dive |
| CVE-2025-2871 | WordPress Mega Menu – QuadMenu <= 3.2.0 - Cross-Site Request Forgery to Limited User Meta Update | quadlayers | QuadMenu – Mega Menu | Medium | 4.3 | 2025-04-12 03:21:34 | Deep Dive |
| CVE-2025-2841 | Cart66 Cloud <= 2.3.7 - Unauthenticated Information Exposure | reality66 | Cart66 Cloud :: WordPress Ecommerce The Easy Way | Medium | 5.3 | 2025-04-12 02:23:15 | Deep Dive |
| CVE-2025-3421 | Everest Forms <= 3.1.1 - Reflected Cross-Site Scripting | wpeverest | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | Medium | 6.1 | 2025-04-11 12:42:25 | Deep Dive |
| CVE-2025-3439 | Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection | wpeverest | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | Critical | 9.8 | 2025-04-11 12:42:24 | Deep Dive |
| CVE-2025-3422 | Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | wpeverest | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | Medium | 5.4 | 2025-04-11 12:42:24 | Deep Dive |
| CVE-2025-32629 | WordPress WP-BusinessDirectory Plugin <= 3.1.2 - Arbitrary File Deletion vulnerability | CMSJunkie - WordPress Business Directory Plugins | WP-BusinessDirectory | High | 8.6 | 2025-04-11 08:43:01 | Deep Dive |
| CVE-2025-31015 | WordPress SMTP Service, Email Delivery Solved! — MailHawk plugin <= 1.3.1 - Local File Inclusion Vulnerability | Adrian Tobey | WordPress SMTP Service, Email Delivery Solved! — MailHawk | High | 7.5 | 2025-04-11 08:42:49 | Deep Dive |
| CVE-2025-32202 | WordPress Insert or Embed Articulate Content into WordPress plugin <= 4.3000000025 - Arbitrary File Upload vulnerability | Brian Batt - elearningfreak.com | Insert or Embed Articulate Content into WordPress | Critical | 9.1 | 2025-04-10 08:09:44 | Deep Dive |
| CVE-2025-32114 | WordPress 5sterrenspecialist plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability | 5sterrenspecialist | WordPress 5sterrenspecialist Plugin | High | 7.1 | 2025-04-10 08:09:41 | Deep Dive |
| CVE-2025-31035 | WordPress WP Editor.md – The Perfect Markdown Editor plugin <= 10.2.1 - Cross Site Scripting (XSS) Vulnerability | Benjamin Chris | WP Editor.md – The Perfect WordPress Markdown Editor | Medium | 5.9 | 2025-04-09 16:10:12 | Deep Dive |
| CVE-2025-32581 | WordPress WordPress Spam Blocker Plugin <= 2.0.5 - CSRF to Stored XSS vulnerability | Ankit Singla | WordPress Spam Blocker | High | 7.1 | 2025-04-09 16:09:32 | Deep Dive |
| CVE-2025-32597 | WordPress WordPress Events Calendar Plugin – connectDaily plugin <= 1.5.4 - CSRF to Cross-Site Scripting vulnerability | George Sexton | WordPress Events Calendar Plugin – connectDaily | High | 7.1 | 2025-04-09 16:09:30 | Deep Dive |
| CVE-2024-8243 | Plugin Upgrade Time Out <= 1.0 - Stored XSS via CSRF | Unknown | WordPress/Plugin Upgrade Time Out Plugin | - | - | 2025-04-09 06:00:07 | Deep Dive |
| CVE-2025-2568 | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce 1.0.4 - 1.2.1 - Missing Authorization to Unauthenticated Limited Arbitrary Options Update | themehunk | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce | Medium | 5.3 | 2025-04-08 11:11:31 | Deep Dive |
| CVE-2025-3436 | coreActivity: Activity Logging for WordPress <= 2.7 - Authenticated (Subscriber+) SQL Injection | gdragon | coreActivity: Activity Logging for WordPress | Medium | 6.5 | 2025-04-08 08:22:09 | Deep Dive |
| CVE-2025-3431 | ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated Arbitrary File Download | ZoomIt | ZoomSounds - WordPress Wave Audio Player with Playlist | High | 7.5 | 2025-04-08 07:29:44 | Deep Dive |