| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-31616 | WordPress Varnish WordPress plugin <= 1.7 - CSRF to Stored XSS vulnerability | AdminGeekZ | Varnish WordPress | High | 7.1 | 2025-03-31 12:55:42 | Deep Dive |
| CVE-2025-31597 | WordPress Ultimate Live Cricket WordPress Lite plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability | crazycric | Ultimate Live Cricket WordPress Lite | Medium | 6.5 | 2025-03-31 12:55:33 | Deep Dive |
| CVE-2025-31585 | WordPress Leadfox for WordPress plugin <= 2.1.9 - CSRF to Stored XSS vulnerability | leadfox | Leadfox for WordPress | High | 7.1 | 2025-03-31 12:55:25 | Deep Dive |
| CVE-2025-31569 | WordPress wordpress related Posts with thumbnails plugin <= 3.0.0.1 - CSRF to Stored XSS vulnerability | wp-buy | wordpress related Posts with thumbnails | High | 7.1 | 2025-03-31 12:55:20 | Deep Dive |
| CVE-2025-31562 | WordPress Uptime Robot Plugin for WordPress plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability | Aphotrax | Uptime Robot Plugin for WordPress | Medium | 6.5 | 2025-03-31 12:55:19 | Deep Dive |
| CVE-2025-31547 | WordPress Uptime Robot Plugin for WordPress plugin <= 2.3 - SQL Injection vulnerability | Aphotrax | Uptime Robot Plugin for WordPress | High | 8.5 | 2025-03-31 12:55:15 | Deep Dive |
| CVE-2025-22634 | WordPress Easy Booked Plugin <= 2.4.5 - Cross Site Request Forgery (CSRF) vulnerability | MD Abu Jubayer Hossain | Easy Booked – Appointment Booking and Scheduling Management System for WordPress | Medium | 5.4 | 2025-03-27 15:27:43 | Deep Dive |
| CVE-2025-22644 | WordPress Vayu Blocks – Gutenberg Blocks plugin <= 1.4.7 - Cross Site Scripting (XSS) vulnerability | ThemeHunk | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce | Medium | 6.5 | 2025-03-27 15:11:03 | Deep Dive |
| CVE-2025-2685 | TablePress – Tables in WordPress made easy <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scripting | tobiasbg | TablePress – Tables in WordPress made easy | Medium | 6.4 | 2025-03-27 05:22:30 | Deep Dive |
| CVE-2025-28928 | WordPress Are you robot google recaptcha for Wordpress plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability | sureshdsk | Are you robot google recaptcha for wordpress | High | 7.1 | 2025-03-26 14:24:25 | Deep Dive |
| CVE-2025-1312 | Ultimate Blocks – WordPress Blocks Plugin <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | ultimateblocks | Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor | Medium | 6.4 | 2025-03-26 11:22:11 | Deep Dive |
| CVE-2024-13889 | WordPress Importer <= 0.8.3 - Authenticated (Administrator+) PHP Object Injection | wordpressdotorg | WordPress Importer | High | 7.2 | 2025-03-26 11:22:10 | Deep Dive |
| CVE-2024-13411 | Zapier for WordPress <= 1.5.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via updated_user Function | zapier | Zapier for WordPress | Medium | 6.4 | 2025-03-26 11:22:10 | Deep Dive |
| CVE-2025-1703 | Ultimate Blocks <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter | ultimateblocks | Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor | Medium | 6.4 | 2025-03-26 09:21:49 | Deep Dive |
| CVE-2025-2257 | Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid <= 1.16.10 - Authenticated (Admin+) Command Injection | boldgrid | Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid | High | 7.2 | 2025-03-26 08:21:50 | Deep Dive |
| CVE-2025-1784 | Spectra – WordPress Gutenberg Blocks <= 2.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | brainstormforce | Spectra Gutenberg Blocks – Website Builder for the Block Editor | Medium | 6.4 | 2025-03-26 05:22:53 | Deep Dive |
| CVE-2025-2276 | Ultimate Dashboard <= 3.8.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Modules Activation/Deactivation | davidvongries | Ultimate Dashboard – Custom WordPress Dashboard | Medium | 4.3 | 2025-03-25 23:22:01 | Deep Dive |
| CVE-2025-1798 | Design Comuni Italia < 1.1.2 - Unauthenticated Stored XSS | Unknown | design-comuni-wordpress-theme | Medium | - | 2025-03-25 06:00:15 | Deep Dive |
| CVE-2024-11272 | Contact Form & SMTP Plugin for WordPress by PirateForms < 2.6.0 - Admin+ Stored XSS | Unknown | Contact Form & SMTP Plugin for WordPress by PirateForms | Medium | - | 2025-03-25 06:00:10 | Deep Dive |
| CVE-2024-11273 | Contact Form & SMTP Plugin for WordPress by PirateForms < 2.6.0 - Admin+ Stored XSS | Unknown | Contact Form & SMTP Plugin for WordPress by PirateForms | Medium | - | 2025-03-25 06:00:10 | Deep Dive |