| CVE-2025-10484 | Registration & Login with Mobile Phone Number for WooCommerce <= 1.3.1 - Authentication Bypass | FmeAddons | Registration & Login with Mobile Phone Number for WooCommerce | Critical | 9.8 | 2026-01-17 08:24:31 | Deep Dive |
| CVE-2025-15403 | RegistrationMagic <= 6.0.7.1 - Unauthenticated Privilege Escalation via admin_order | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | Critical | 9.8 | 2026-01-17 02:22:32 | Deep Dive |
| CVE-2025-14976 | User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.4 | 2026-01-10 08:22:57 | Deep Dive |
| CVE-2025-14998 | Branda – White Label & Branding, Free Login Page Customizer <= 3.4.24 - Unauthenticated Privilege Escalation via Account Takeover | wpmudev | Branda – White Label & Branding, Free Login Page Customizer | Critical | 9.8 | 2026-01-02 01:48:20 | Deep Dive |
| CVE-2025-62128 | WordPress SiteLock Security plugin <= 5.0.1 - Broken Access Control vulnerability | SiteLock | SiteLock Security – WP Hardening, Login Security & Malware Scans | Medium | 4.3 | 2025-12-30 16:23:47 | Deep Dive |
| CVE-2025-68998 | WordPress Heateor Social Login plugin <= 1.1.39 - Cross Site Request Forgery (CSRF) vulnerability | Heateor Support | Heateor Social Login | Medium | 5.4 | 2025-12-30 10:47:52 | Deep Dive |
| CVE-2025-68974 | WordPress WordPress Social Login and Register plugin <= 7.7.0 - Local File Inclusion vulnerability | miniOrange | WordPress Social Login and Register | Medium | 6.6 | 2025-12-30 10:47:48 | Deep Dive |
| CVE-2025-62107 | WordPress Feather Login Page plugin <= 1.1.7 - Cross Site Request Forgery (CSRF) vulnerability | PluginOps | Feather Login Page | Medium | 4.3 | 2025-12-22 09:32:48 | Deep Dive |
| CVE-2025-13220 | Ultimate Member <= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 6.4 | 2025-12-21 03:20:06 | Deep Dive |
| CVE-2025-12492 | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.11.0 - Unauthenticated Sensitive Information Exposure | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 5.3 | 2025-12-20 08:22:10 | Deep Dive |
| CVE-2025-49902 | WordPress Login Page Customizer – Customizer Login Page, Admin Page, Custom Design plugin <= 2.1.1 - Broken Access Control vulnerability | A WP Life | Login Page Customizer – Customizer Login Page, Admin Page, Custom Design | Medium | 6.5 | 2025-12-18 07:21:44 | Deep Dive |
| CVE-2025-14081 | Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Profile Privacy Setting Bypass | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 4.3 | 2025-12-17 18:21:36 | Deep Dive |
| CVE-2025-13217 | Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'value' | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 6.4 | 2025-12-17 18:21:35 | Deep Dive |
| CVE-2023-53878 | Member Login Script 3.3 Client-Side Request Desynchronization Vulnerability | Phpjabbers | Member Login Script | - | - | 2025-12-15 20:28:18 | Deep Dive |
| CVE-2025-13610 | RegistrationMagic <= 6.0.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'RM_Forms' Shortcode | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | Medium | 6.4 | 2025-12-15 14:25:11 | Deep Dive |
| CVE-2025-13367 | User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.4 | 2025-12-15 14:25:10 | Deep Dive |
| CVE-2025-11707 | Login Lockdown & Protection <= 2.14 - IP Block Bypass | webfactory | Login Lockdown & Protection | Medium | 5.3 | 2025-12-13 04:31:31 | Deep Dive |
| CVE-2025-14440 | JAY Login & Register <= 2.4.01 - Authentication Bypass via Cookie | jayarsiech | JAY Login & Register | Critical | 9.8 | 2025-12-13 04:31:30 | Deep Dive |
| CVE-2025-13408 | Foxtool All-in-One: Contact chat button, Custom login, Media optimize images <= 2.5.2 - Cross-Site Request Forgery to Google OAuth Connection | foxtheme | Foxtool All-in-One: Contact chat button, Custom login, Media optimize images | Medium | 4.3 | 2025-12-12 03:20:44 | Deep Dive |
| CVE-2025-13642 | ProfilePress <= 4.16.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 5.4 | 2025-12-09 15:23:48 | Deep Dive |