| CVE-2025-1463 | Spreadsheet Integration <= 3.8.2 - Cross-Site Request Forgery to Arbitrary Post Publish | javmah | WPGSI: Spreadsheet Integration | Medium | 4.3 | 2025-03-05 11:22:08 | Deep Dive |
| CVE-2024-13232 | WordPress Awesome Import & Export Plugin - Import & Export WordPress Data <= 4.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary SQL Execution/Privilege Escalation | ddeveloper | WordPress Awesome Import & Export Plugin - Import & Export WordPress Data | High | 8.8 | 2025-03-05 09:21:51 | Deep Dive |
| CVE-2024-13787 | VEDA - MultiPurpose WordPress Theme <= 4.2 - Authenticated (Subscriber+) PHP Object Injection | designthemes | VEDA - MultiPurpose WordPress Theme | Critical | 9.8 | 2025-03-05 09:21:49 | Deep Dive |
| CVE-2024-13809 | Hero Slider - WordPress Slider Plugin <= 1.3.5 - Authenticated (Subscriber+) SQL Injection | heroplugins | Hero Slider - WordPress Slider Plugin | Medium | 6.5 | 2025-03-05 09:21:48 | Deep Dive |
| CVE-2024-13778 | Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Authenticated (Subscriber+) SQL Injection | heroplugins | Hero Mega Menu - Responsive WordPress Menu Plugin | Medium | 6.5 | 2025-03-05 09:21:47 | Deep Dive |
| CVE-2024-13779 | Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Reflected Cross-Site Scripting | heroplugins | Hero Mega Menu - Responsive WordPress Menu Plugin | Medium | 6.1 | 2025-03-05 09:21:45 | Deep Dive |
| CVE-2024-13777 | ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated PHP Object Injection | ZoomIt | ZoomSounds - WordPress Wave Audio Player with Playlist | High | 8.1 | 2025-03-05 09:21:45 | Deep Dive |
| CVE-2024-13780 | Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Directory Deletion | heroplugins | Hero Mega Menu - Responsive WordPress Menu Plugin | Medium | 6.5 | 2025-03-05 09:21:44 | Deep Dive |
| CVE-2024-8682 | JNews - WordPress Newspaper Magazine Blog AMP Theme <= 11.6.6 - Unauthorized User Registration | https://themeforest.net/item/jnews-one-stop-solution-for-web-publishing/20566392 | JNews - WordPress Newspaper Magazine Blog AMP Theme | Medium | 5.3 | 2025-03-05 08:21:55 | Deep Dive |
| CVE-2025-0958 | Ultimate WordPress Auction Plugin <= 4.2.9 - Missing Authorization to Arbitrary Post Deletion | nitesh_singh | Ultimate WordPress Auction Plugin | Medium | 5.4 | 2025-03-04 09:22:37 | Deep Dive |
| CVE-2025-26885 | WordPress Assistant Plugin <= 1.5.1 - PHP Object Injection vulnerability | Beaver Builder | WordPress Assistant | High | - | 2025-03-03 13:30:41 | Deep Dive |
| CVE-2025-23843 | WordPress WP-HR Manager plugin <= 3.1.0 - Reflected Cross Site Scripting (XSS) vulnerability | wphrmanager | WP-HR Manager: The Human Resources Plugin for WordPress | High | 7.1 | 2025-03-03 13:30:19 | Deep Dive |
| CVE-2024-13833 | Album Gallery – WordPress Gallery <= 1.6.3 - Authenticated (Editor+) PHP Object Injection via Gallery Meta | awordpresslife | Album Gallery | High | 7.2 | 2025-03-01 11:22:49 | Deep Dive |
| CVE-2024-13697 | Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.7.4 - Unauthenticated Limited Server-Side Request Forgery in nice_links | wordplus | Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages | Medium | 4.8 | 2025-03-01 08:23:21 | Deep Dive |
| CVE-2024-13611 | Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.6.9 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | wordplus | Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages | High | 7.5 | 2025-03-01 08:23:20 | Deep Dive |
| CVE-2024-12544 | SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 1.12.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion via SurveyJS_DeleteFile | devsoftbaltic | SurveyJS: Drag & Drop Form Builder | High | 8.8 | 2025-03-01 07:24:06 | Deep Dive |
| CVE-2024-12824 | Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change | scriptsbundle | Nokri – Job Board WordPress Theme | Critical | 9.8 | 2025-03-01 06:39:27 | Deep Dive |
| CVE-2024-13901 | Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site <= 2.0.6 - Authenticated (Administrator+) DOM-Based Stored Cross-Site Scripting | wpcalc | Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress | Medium | 4.4 | 2025-03-01 05:30:59 | Deep Dive |
| CVE-2024-9195 | WHMPress - WHMCS Client Area <= 4.3-revision-3 - Authenticated (Subscriber+) Arbitrary Options Update | creativeon | WHMCS Client Area for WordPress by WHMpress | High | 8.8 | 2025-02-28 08:23:19 | Deep Dive |
| CVE-2024-9019 | SecuPress Free — WordPress Security <= 2.2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via secupress_check_ban_ips_form Shortcode | secupress | SecuPress with Simple SSL – Simple and Performant Security | Medium | 6.4 | 2025-02-28 08:23:16 | Deep Dive |