| CVE-2025-14798 | LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 5.3 | 2026-01-20 03:25:18 | Deep Dive |
| CVE-2026-0820 | RepairBuddy <= 4.1116 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Signature Upload to Orders | sweetdaisy86 | RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress | Medium | 4.3 | 2026-01-17 03:24:24 | Deep Dive |
| CVE-2025-12641 | Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion | awesomesupport | Awesome Support – WordPress HelpDesk & Support Plugin | Medium | 6.5 | 2026-01-16 04:44:35 | Deep Dive |
| CVE-2025-14615 | DASHBOARD BUILDER <= 1.5.7 - Cross-Site Request Forgery to SQL Injection | dashboardbuilder | DASHBOARD BUILDER – WordPress plugin for Charts and Graphs | High | 7.1 | 2026-01-14 05:28:04 | Deep Dive |
| CVE-2025-13749 | Clearfy <= 2.4.0 - Cross-Site Request Forgery to Update Notification Tampering | creativemotion | Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer | Medium | 4.3 | 2026-01-09 05:25:21 | Deep Dive |
| CVE-2025-27004 | WordPress Famous - Responsive Image And Video Grid Gallery WordPress Plugin plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability | LambertGroup | Famous - Responsive Image And Video Grid Gallery WordPress Plugin | High | 7.1 | 2026-01-08 09:17:42 | Deep Dive |
| CVE-2025-13520 | MTCaptcha WordPress Plugin <= 2.7.2 - Cross-Site Request Forgery to Settings Update | mtcaptcha | MTCaptcha WordPress Plugin | Medium | 4.3 | 2026-01-07 08:21:55 | Deep Dive |
| CVE-2025-14802 | LearnPress – WordPress LMS Plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 5.4 | 2026-01-07 07:17:33 | Deep Dive |
| CVE-2025-14867 | Flashcard Plugin for WordPress <= 0.9 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal | liangshao | Flashcard Plugin for WordPress | Medium | 6.5 | 2026-01-07 06:36:04 | Deep Dive |
| CVE-2025-13964 | LearnPress – WordPress LMS Plugin <= 4.3.2 - Missing Authentication to Unauthenticated Course Modification | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 5.3 | 2026-01-06 08:21:49 | Deep Dive |
| CVE-2025-13766 | MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.6 Missing Authorization to Authenticated (Subscriber+) Posts and Media Creation, Modification and Deletion | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Medium | 5.4 | 2026-01-06 08:21:48 | Deep Dive |
| CVE-2025-13812 | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress <= 7.6.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure | rubengc | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress | Medium | 4.3 | 2026-01-06 07:22:13 | Deep Dive |
| CVE-2025-28973 | WordPress Pro Bulk Watermark Plugin for WordPress <= 2.0 - Path Traversal Vulnerability | AA-Team | Pro Bulk Watermark Plugin for WordPress | Medium | - | 2025-12-31 20:02:11 | Deep Dive |
| CVE-2025-62088 | WordPress WordPress & WooCommerce Scraper plugin, Import Data from Any Site plugin <= 1.0.7 - Server Side Request Forgery (SSRF) vulnerability | extendons | WordPress & WooCommerce Scraper Plugin, Import Data from Any Site | Medium | 5.4 | 2025-12-31 17:04:44 | Deep Dive |
| CVE-2025-69022 | WordPress HR Management Lite plugin <= 3.6 - Broken Access Control vulnerability | Weblizar - WordPress Themes & Plugin | HR Management Lite | Medium | 5.4 | 2025-12-30 10:47:55 | Deep Dive |
| CVE-2025-13958 | YaMaps < 0.6.40 - Contributor+ Stored XSS | Unknown | YaMaps for WordPress Plugin | Medium | - | 2025-12-29 06:00:11 | Deep Dive |
| CVE-2025-14913 | Frontend Post Submission Manager Lite <= 1.2.6 - Incorrect Authorization to Unauthenticated Arbitrary Attachment Deletion | wpshuffle | Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin | Medium | 5.3 | 2025-12-25 23:20:03 | Deep Dive |
| CVE-2025-14080 | Frontend Post Submission Manager Lite <= 1.2.5 - Missing Authorization to Unauthenticated Arbitrary Post Modification | wpshuffle | Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin | Medium | 5.3 | 2025-12-21 02:20:31 | Deep Dive |
| CVE-2025-11496 | Five Star Restaurant Reservations – WordPress Booking Plugin <= 2.7.5 - Unauthenticated Stored Cross-Site Scripting | rustaurius | Five Star Restaurant Reservations – WordPress Booking Plugin | Medium | 6.1 | 2025-12-21 02:20:30 | Deep Dive |
| CVE-2025-13861 | HTML Forms – Simple WordPress Forms Plugin <= 1.6.0 - Unauthenticated Stored Cross-Site Scripting | linksoftware | HTML Forms – Simple WordPress Forms Plugin | Medium | 6.1 | 2025-12-17 04:31:31 | Deep Dive |