| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-3780 | WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.16 - Missing Authorization to Unauthenticated Plugin Settings Modification | wclovers | WCFM – Frontend Manager for WooCommerce | Medium | 6.5 | 2025-07-08 23:22:49 | Deep Dive |
| CVE-2025-49303 | WordPress Frontend Admin by DynamiApps plugin <= 3.28.7 - Arbitrary File Download Vulnerability | Shabti Kaplan | Frontend Admin by DynamiApps | Medium | 6.8 | 2025-07-04 11:18:00 | Deep Dive |
| CVE-2025-27358 | WordPress Frontend File Manager plugin <= 23.6 - Content Injection vulnerability | N-Media | Frontend File Manager | Medium | 4.6 | 2025-07-04 08:42:10 | Deep Dive |
| CVE-2025-31429 | WordPress PressGrid - Frontend Publish Reaction & Multimedia Theme <= 1.3.1 - Deserialization of untrusted data Vulnerability | themeton | PressGrid - Frontend Publish Reaction & Multimedia Theme | Critical | 9.8 | 2025-06-09 15:56:37 | Deep Dive |
| CVE-2025-49310 | WordPress Frontend Dashboard plugin <= 2.2.8 - Cross Site Scripting (XSS) Vulnerability | M A Vinoth Kumar | Frontend Dashboard | Medium | 6.5 | 2025-06-06 12:53:51 | Deep Dive |
| CVE-2025-3055 | WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Deletion | wedevs | WP User Frontend Pro | High | 8.1 | 2025-06-05 05:23:01 | Deep Dive |
| CVE-2025-3054 | WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Upload | wedevs | WP User Frontend Pro | High | 8.8 | 2025-06-05 05:23:00 | Deep Dive |
| CVE-2025-4392 | Shared Files <= 1.7.48 - Unauthenticated Stored Cross-Site Scripting via sanitize_file Function | anssilaitila | Shared Files – Frontend File Upload Form & Secure File Sharing | High | 7.2 | 2025-06-03 09:22:04 | Deep Dive |
| CVE-2025-4474 | Frontend Dashboard 1.0 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via fed_admin_setting_form_function Function | vinoth06 | Frontend Dashboard | High | 8.8 | 2025-05-13 06:40:57 | Deep Dive |
| CVE-2025-4473 | Frontend Dashboard 1.5.10 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via ajax_request Function | vinoth06 | Frontend Dashboard | High | 8.8 | 2025-05-13 06:40:55 | Deep Dive |
| CVE-2025-3605 | Frontend Login and Registration Blocks <= 1.1.1 - Unauthenticated Privilege Escalation via Account Takeover | arkenon | Login, Registration and Lost Password Blocks | Critical | 9.8 | 2025-05-09 06:42:35 | Deep Dive |
| CVE-2025-4104 | Frontend Dashboard 1.0 - 2.2.6 - Missing Authorization to Unauthenticated Privilege Escalation via fed_wp_ajax_fed_login_form_post Function | vinoth06 | Frontend Dashboard | Critical | 9.8 | 2025-05-07 09:21:45 | Deep Dive |
| CVE-2025-46248 | WordPress Frontend Dashboard plugin <= 2.2.5 - SQL Injection Vulnerability | M A Vinoth Kumar | Frontend Dashboard | Critical | 9.3 | 2025-04-24 16:08:29 | Deep Dive |
| CVE-2025-3607 | Frontend Login and Registration Blocks <= 1.0.8 - Authenticated (Subscriber+) Privilege Escalation via Password Reset | arkenon | Login, Registration and Lost Password Blocks | High | 8.8 | 2025-04-24 08:23:50 | Deep Dive |
| CVE-2025-32593 | WordPress Add Product Frontend for WooCommerce plugin <= 1.0.8 - Arbitrary Content Deletion vulnerability | Bytes Technolab | Add Product Frontend for WooCommerce | High | 8.2 | 2025-04-17 15:47:22 | Deep Dive |
| CVE-2025-32080 | Cross-origin data leak in mobilefrontend via lazy load images | The Wikimedia Foundation | Mediawiki - Mobile Frontend Extension | - | - | 2025-04-11 16:24:00 | Deep Dive |
| CVE-2025-23638 | WordPress Frontend Post Submission plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | Umesh Ghimire | Frontend Post Submission | High | 7.1 | 2025-03-26 14:24:15 | Deep Dive |
| CVE-2025-25133 | WordPress WP Frontend Submit Plugin <= 1.1.0 - Reflected Cross-Site Scripting vulnerability | newbiesup | WP Frontend Submit | High | 7.1 | 2025-03-03 13:30:26 | Deep Dive |
| CVE-2025-26987 | WordPress Frontend Admin by DynamiApps plugin <= 3.25.17 - Reflected Cross Site Scripting (XSS) vulnerability | Shabti Kaplan | Frontend Admin by DynamiApps | High | 7.1 | 2025-02-25 14:16:35 | Deep Dive |
| CVE-2024-12038 | Frontend Content Forms for User Submissions (UGC) <= 2.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | Medium | 6.4 | 2025-02-22 04:21:17 | Deep Dive |