| CVE-2024-10554 | WP-Advanced-Search < 3.3.9.3 - Admin+ Stored XSS | Unknown | WordPress WP-Advanced-Search | Low | - | 2025-03-25 06:00:05 | Deep Dive |
| CVE-2025-30608 | WordPress SQL Backup plugin <= 3.5.2 - Cross Site Request Forgery (CSRF) Vulnerability | Anthony | WordPress SQL Backup | High | 7.1 | 2025-03-24 13:47:26 | Deep Dive |
| CVE-2025-30552 | WordPress WordPress Admin Bar Improved plugin <= 3.3.5 - CSRF to Stored XSS vulnerability | Donald Gilbert | WordPress Admin Bar Improved | High | 7.1 | 2025-03-24 13:46:56 | Deep Dive |
| CVE-2025-30526 | WordPress Typekit plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability | lucksy | Typekit plugin for WordPress | Medium | 4.3 | 2025-03-24 13:46:39 | Deep Dive |
| CVE-2025-2186 | Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.1 - Unauthenticated SQL Injection via 'automationId' | amans2k | FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce | High | 7.5 | 2025-03-22 12:42:12 | Deep Dive |
| CVE-2024-12920 | FoodBakery \| Delivery Restaurant Directory WordPress Theme <= 4.7 - Missing Authorization in Multiple Functions | Chimpstudio | FoodBakery \| Delivery Restaurant Directory WordPress Theme | High | 8.8 | 2025-03-19 11:10:38 | Deep Dive |
| CVE-2024-13933 | FoodBakery \| Delivery Restaurant Directory WordPress Theme <= 4.7 - Cross-Site Request Forgery in Multiple Functions | Chimpstudio | FoodBakery \| Delivery Restaurant Directory WordPress Theme | High | 8.8 | 2025-03-19 11:10:37 | Deep Dive |
| CVE-2024-13790 | MinimogWP – The High Converting eCommerce WordPress Theme <= 3.7.0 - Unauthenticated Local PHP File Inclusion | ThemeMove | MinimogWP – The High Converting eCommerce WordPress Theme | Critical | 9.8 | 2025-03-19 08:22:00 | Deep Dive |
| CVE-2024-13412 | CozyStay <= 1.7.0 - Missing Authorization to Arbitrary Action Execution in ajax_handler | LoftOcean | CozyStay - Hotel Booking WordPress Theme | High | 7.5 | 2025-03-19 06:57:42 | Deep Dive |
| CVE-2024-13410 | CozyStay <= 1.7.0 and TinySalt <= 3.9.0 - Unauthenticated PHP Object Injection in ajax_handler | LoftOcean | CozyStay - Hotel Booking WordPress Theme | Critical | 9.8 | 2025-03-19 06:57:41 | Deep Dive |
| CVE-2025-1530 | Tripetto <= 8.0.9 - Cross-Site Request Forgery to Arbitrary Results Deletion | tripetto | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | Medium | 4.3 | 2025-03-15 11:13:29 | Deep Dive |
| CVE-2025-1771 | Traveler <= 3.1.8 - Unauthenticated Local File Inclusion via hotel_alone_load_more_post | ShineTheme | Travel Booking WordPress Theme | Critical | 9.8 | 2025-03-15 04:22:08 | Deep Dive |
| CVE-2024-13497 | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.9 - Unauthenticated Stored Cross-Site Scripting | tripetto | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | High | 7.2 | 2025-03-15 04:22:08 | Deep Dive |
| CVE-2025-1773 | Traveler <= 3.1.8 - Reflected Cross-Site Scripting | ShineTheme | Travel Booking WordPress Theme | Medium | 6.1 | 2025-03-15 04:22:07 | Deep Dive |
| CVE-2025-1653 | Directory Listings WordPress plugin – uListing <= 2.2.0 - Authenticated (Subscriber+) Privilege Escalation | stylemix | Directory Listings WordPress plugin – uListing | High | 8.8 | 2025-03-15 02:22:42 | Deep Dive |
| CVE-2025-1657 | Directory Listings WordPress plugin – uListing <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update and PHP Object Injection | stylemix | Directory Listings WordPress plugin – uListing | High | 8.8 | 2025-03-15 02:22:42 | Deep Dive |
| CVE-2024-13773 | Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Sensitive Information Exposure | uxper | Civi - Job Board & Freelance Marketplace WordPress Theme | High | 7.3 | 2025-03-14 11:15:54 | Deep Dive |
| CVE-2024-13772 | Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.6.1 - Authentication Bypass | uxper | Civi - Job Board & Freelance Marketplace WordPress Theme | Medium | 5.6 | 2025-03-14 11:15:53 | Deep Dive |
| CVE-2024-13771 | Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Authentication Bypass via Password Update | uxper | Civi - Job Board & Freelance Marketplace WordPress Theme | Critical | 9.8 | 2025-03-14 11:15:52 | Deep Dive |
| CVE-2024-12810 | JobCareer \| Job Board Responsive WordPress Theme <= 7.1 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrative Actions | - | JobCareer \| Job Board Responsive WordPress Theme | High | 8.8 | 2025-03-14 11:15:52 | Deep Dive |