| CVE-2025-67966 | WordPress Lawyer Directory plugin <= 1.3.3 - Privilege Escalation vulnerability | e-plugins | Lawyer Directory | - | - | 2026-01-22 16:51:58 | Deep Dive |
| CVE-2026-1160 | PHPGurukul Directory Management System Search index.php sql injection | PHPGurukul | Directory Management System | High | 7.3 | 2026-01-19 15:32:07 | Deep Dive |
| CVE-2025-15283 | Name Directory <= 1.30.3 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters | jeroenpeters1986 | Name Directory | High | 7.2 | 2026-01-14 05:28:07 | Deep Dive |
| CVE-2025-68887 | WordPress WP-BusinessDirectory plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability | CMSJunkie - WordPress Business Directory Plugins | WP-BusinessDirectory | 中危 | - | 2026-01-08 09:17:54 | Deep Dive |
| CVE-2025-14047 | WP User Frontend <= 4.2.4 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion | wedevs | User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration | Medium | 5.3 | 2026-01-02 01:48:20 | Deep Dive |
| CVE-2025-69018 | WordPress Web Directory Free plugin <= 1.7.12 - Cross Site Scripting (XSS) vulnerability | Shamalli | Web Directory Free | 中危 | - | 2025-12-30 10:47:54 | Deep Dive |
| CVE-2025-68580 | WordPress Advanced Classifieds & Directory Pro plugin <= 3.2.9 - Cross Site Request Forgery (CSRF) vulnerability | pluginsware | Advanced Classifieds & Directory Pro | Medium | 4.3 | 2025-12-24 13:10:40 | Deep Dive |
| CVE-2025-13220 | Ultimate Member <= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 6.4 | 2025-12-21 03:20:06 | Deep Dive |
| CVE-2025-12492 | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.11.0 - Unauthenticated Sensitive Information Exposure | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 5.3 | 2025-12-20 08:22:10 | Deep Dive |
| CVE-2025-14081 | Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Profile Privacy Setting Bypass | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 4.3 | 2025-12-17 18:21:36 | Deep Dive |
| CVE-2025-13217 | Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'value' | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 6.4 | 2025-12-17 18:21:35 | Deep Dive |
| CVE-2025-64630 | WordPress Business Directory plugin <= 6.4.19 - Broken Access Control vulnerability | Strategy11 Team | Business Directory | Medium | 4.9 | 2025-12-16 08:12:50 | Deep Dive |
| CVE-2025-64243 | WordPress Directory Pro plugin <= 2.5.6 - Broken Access Control vulnerability | e-plugins | Directory Pro | Medium | 4.3 | 2025-12-16 08:12:48 | Deep Dive |
| CVE-2025-13089 | WP Directory Kit <= 1.4.7 - Unauthenticated SQL Injection | wpdirectorykit | WP Directory Kit | High | 7.5 | 2025-12-13 03:20:26 | Deep Dive |
| CVE-2025-67596 | WordPress Business Directory plugin <= 6.4.19 - Cross Site Request Forgery (CSRF) vulnerability | Strategy11 Team | Business Directory | Medium | 4.3 | 2025-12-09 14:14:19 | Deep Dive |
| CVE-2025-67576 | WordPress Simple Link Directory plugin <= 8.8.3 - Broken Access Control vulnerability | QuantumCloud | Simple Link Directory | - | - | 2025-12-09 14:14:14 | Deep Dive |
| CVE-2025-67465 | WordPress Simple Link Directory plugin <= 8.8.3 - Cross Site Request Forgery (CSRF) vulnerability | QuantumCloud | Simple Link Directory | Medium | 4.3 | 2025-12-09 14:13:55 | Deep Dive |
| CVE-2025-12577 | Listar – Directory Listing & Classifieds WordPress Plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Listing Update | passionui | Listar – Directory Listing & Classifieds WordPress Plugin | Medium | 4.3 | 2025-12-06 05:49:31 | Deep Dive |
| CVE-2025-12574 | Listar – Directory Listing & Classifieds WordPress Plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion | passionui | Listar – Directory Listing & Classifieds WordPress Plugin | Medium | 4.3 | 2025-12-06 05:49:25 | Deep Dive |
| CVE-2025-13390 | WP Directory Kit <= 1.4.4 - Authentication Bypass to Privilege Escalation via Account Takeover | listingthemes | WP Directory Kit | Critical | 10.0 | 2025-12-03 13:52:44 | Deep Dive |