| CVE-2025-1285 | Resido - Real Estate WordPress Theme <= 3.6 - Missing Authorization to Unauthenticated Server-Side Request Forgery and API Key Settings Update | SmartDataSoft | Resido - Real Estate WordPress Theme | Medium | 5.3 | 2025-03-14 04:22:32 | Deep Dive |
| CVE-2025-2250 | WordPress Report Brute Force Attacks and Login Protection ReportAttacks Plugins <= 2.32 - Authenticated (Admin+) SQL Injection | sminozzi | ReportAttacks — Brute Force & Login Protection | Medium | 4.9 | 2025-03-13 03:21:02 | Deep Dive |
| CVE-2024-13887 | Business Directory Plugin - Easy Listing Directories for WordPress <= 6.4.14 - Insecure Direct Object Reference to Listing Arbitrary Image Addition | strategy11team | Business Directory Plugin – Easy Listing Directories for WordPress | Medium | 5.3 | 2025-03-13 03:21:01 | Deep Dive |
| CVE-2025-28914 | WordPress wordpress login form to anywhere plugin <= 0.2 - Cross Site Scripting (XSS) vulnerability | Ajay Sharma | wordpress login form to anywhere | Medium | 5.9 | 2025-03-11 21:01:00 | Deep Dive |
| CVE-2025-28894 | WordPress List of Posts from each Category plugin for WordPress plugin <= 2.0 - CSRF to Stored XSS vulnerability | frucomerci | List of Posts from each Category plugin for WordPress | High | 7.1 | 2025-03-11 21:00:49 | Deep Dive |
| CVE-2025-2169 | WPCS – WordPress Currency Switcher Professional <= 1.2.0.4 - Unauthenticated Arbitrary Shortcode Execution | realmag777 | WPCS – WordPress Currency Switcher Professional | High | 7.3 | 2025-03-11 03:22:20 | Deep Dive |
| CVE-2024-13668 | WordPress Activity O Meter <= 1 - Reflected XSS | Unknown | WordPress Activity O Meter | High | - | 2025-03-07 09:49:49 | Deep Dive |
| CVE-2024-13805 | Advanced File Manager <= 5.2.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload | saadiqbal | Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution | Medium | 6.4 | 2025-03-07 09:21:14 | Deep Dive |
| CVE-2024-12876 | Golo - Directory & Listing, Travel WordPress Theme <= 1.6.10 - Missing Authorization to Privilege Escalation via Unauthenticated Arbitrary User Password Change | uxper | Golo - City Travel Guide WordPress Theme | Critical | 9.8 | 2025-03-07 08:21:28 | Deep Dive |
| CVE-2024-9658 | School Management System for Wordpress <= 93.0.0 - Authenticated (Student+) Account Takeover and Privilege Escalation | dasinfomedia | School Management System for Wordpress | High | 8.8 | 2025-03-07 08:21:27 | Deep Dive |
| CVE-2024-12609 | School Management System for Wordpress <= 92.0.0 - Authenticated (Student+) SQL Injection via 'view-attendance' | dasinfomedia | School Management System for Wordpress | Medium | 6.5 | 2025-03-07 08:21:27 | Deep Dive |
| CVE-2025-0959 | Eventer - WordPress Event & Booking Manager Plugin <= 3.9.9.2 - Authenticated (Subscriber+) SQL Injection via reg_id | imithemes | Eventer - WordPress Event & Booking Manager Plugin | High | 8.8 | 2025-03-07 08:21:27 | Deep Dive |
| CVE-2024-12610 | School Management System for Wordpress <= 93.0.0 - Missing Authorization to Unauthenticated Arbitrary Post Deletion | dasinfomedia | School Management System for Wordpress | Medium | 5.3 | 2025-03-07 08:21:26 | Deep Dive |
| CVE-2024-10804 | Ultimate Video Player <= 10.0 - Unauthenticated Arbitrary File Download | FWDesign | Ultimate Video Player WordPress & WooCommerce Plugin | High | 7.5 | 2025-03-07 08:21:25 | Deep Dive |
| CVE-2024-12611 | School Management System for Wordpress <= 93.0.0 - Reflected Cross-Site Scripting | dasinfomedia | School Management System for Wordpress | Medium | 5.3 | 2025-03-07 08:21:24 | Deep Dive |
| CVE-2024-12607 | School Management System for Wordpress <= 92.0.0 - Authenticated (Subscriber+) SQL Injection via 'mj_smgt_show_event_task' | dasinfomedia | School Management System for Wordpress | Medium | 6.5 | 2025-03-07 08:21:21 | Deep Dive |
| CVE-2024-13906 | Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress <= 4.7.3 - Authenticated (Administrator+) PHP Object Injection | bestwebsoft | Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress | High | 7.2 | 2025-03-07 07:22:24 | Deep Dive |
| CVE-2024-13655 | Flex Mag - Responsive WordPress News Theme <= 3.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Deletion | MVPThemes | Flex Mag - Responsive WordPress News Theme | High | 8.1 | 2025-03-07 06:40:04 | Deep Dive |
| CVE-2025-1666 | Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics <= 4.4.1 - Missing Authorization to Authenticated (Subscriber+) Survey Submission | cookiebot | Cookiebot by Usercentrics – Automatic Cookie Banner for GDPR/CCPA & Google Consent Mode | Medium | 4.3 | 2025-03-06 11:11:02 | Deep Dive |
| CVE-2025-1672 | Notibar <= 2.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting | ninjateam | Notibar – Notification Bar for WordPress | Medium | 5.5 | 2025-03-06 09:21:20 | Deep Dive |