| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2025-0839 | ZoomSounds <= 6.91 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | ZoomIt | ZoomSounds - WordPress Wave Audio Player with Playlist | Medium | 6.4 | 2025-04-05 05:32:13 |
| CVE-2024-13776 | ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update and Settings Manipulation | ZoomIt | ZoomSounds - WordPress Wave Audio Player with Playlist | High | 8.1 | 2025-04-05 05:32:12 |
| CVE-2025-32267 | WordPress WP to Hootsuite plugin <= 1.5.8 - Cross Site Request Forgery (CSRF) vulnerability | wpzinc | Post to Social Media – WordPress to Hootsuite | Medium | 4.3 | 2025-04-04 15:59:42 |
| CVE-2025-32257 | WordPress 1 Click WordPress Migration plugin <= 2.6.1 - Sensitive Data Exposure vulnerability | 1clickmigration | 1 Click WordPress Migration | Medium | 5.3 | 2025-04-04 15:59:30 |
| CVE-2025-32238 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Sensitive Data Exposure vulnerability | vcita | Online Booking & Scheduling Calendar for WordPress by vcita | Medium | 4.3 | 2025-04-04 15:59:22 |
| CVE-2025-32172 | WordPress YaMaps for WordPress plugin <= 0.6.40 - Cross Site Scripting (XSS) vulnerability | Yuri Baranov | YaMaps for WordPress | Medium | 6.5 | 2025-04-04 15:58:52 |
| CVE-2025-32166 | WordPress Emma for WordPress plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability | John Housholder | Emma for WordPress | Medium | 6.5 | 2025-04-04 15:58:47 |
| CVE-2025-2055 | MapPress Maps for WordPress < 2.94.9 - Contributor+ Stored XSS | Unknown | MapPress Maps for WordPress | - | - | 2025-04-03 06:00:05 |
| CVE-2025-2513 | Smart Icons For WordPress <= 1.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | smartpixels | Smart Icons For WordPress | Medium | 6.4 | 2025-04-02 09:21:44 |
| CVE-2025-31441 | WordPress WordPress Galleria plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability | S | WordPress Galleria | High | 7.1 | 2025-04-01 20:58:10 |
| CVE-2025-31846 | WordPress Theater for WordPress plugin <= 0.18.7 - Broken Access Control vulnerability | Jeroen Schmit | Theater for WordPress | Medium | 4.3 | 2025-04-01 14:51:58 |
| CVE-2025-31843 | WordPress OpenAI Tools for WordPress & WooCommerce plugin <= 2.2.1 - Broken Access Control vulnerability | Wilson | OpenAI Tools for WordPress & WooCommerce | Medium | 4.3 | 2025-04-01 14:51:56 |
| CVE-2025-31776 | WordPress Uptime Robot Plugin <= 2.3 - Cross Site Request Forgery (CSRF) vulnerability | Aphotrax | Uptime Robot Plugin for WordPress | Medium | 4.3 | 2025-04-01 14:51:23 |
| CVE-2025-31735 | WordPress Footnotes for WordPress plugin <= 2016.1230 - Cross Site Scripting (XSS) Vulnerability | C. Johnson | Footnotes for WordPress | Medium | 6.5 | 2025-04-01 14:51:04 |
| CVE-2025-2891 | WP Pro Real Estate 7 <= 3.5.4 - Authenticated (Custom) Arbitrary File Upload | contempoinc | Real Estate 7 WordPress | High | 8.8 | 2025-04-01 07:29:13 |
| CVE-2025-1267 | Groundhogg <= 3.7.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via label Parameter | trainingbusinesspros | Groundhogg — CRM, Newsletters, and Marketing Automation | Medium | 5.5 | 2025-04-01 06:52:05 |
| CVE-2025-30808 | WordPress About Author plugin <= 1.6.2 - Reflected Cross Site Scripting (XSS) vulnerability | Weblizar - WordPress Themes & Plugin | About Author | High | 7.1 | 2025-04-01 05:31:38 |
| CVE-2025-30796 | WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.14 - Cross Site Scripting (XSS) vulnerability | WP Extended | The Ultimate WordPress Toolkit – WP Extended | High | 7.1 | 2025-04-01 05:31:37 |
| CVE-2025-30559 | WordPress Kento WordPress Stats plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability | PluginsPoint | Kento WordPress Stats | High | 7.1 | 2025-04-01 05:31:34 |
| CVE-2024-13567 | Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | awesomesupport | Awesome Support – WordPress HelpDesk & Support Plugin | High | 7.5 | 2025-04-01 05:22:46 |