| CVE-2024-9195 | WHMPress - WHMCS Client Area <= 4.3-revision-3 - Authenticated (Subscriber+) Arbitrary Options Update | creativeon | WHMCS Client Area for WordPress by WHMpress | High | 8.8 | 2025-02-28 08:23:19 | Deep Dive |
| CVE-2024-9193 | WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update | creativeon | WHMpress - WHMCS WordPress Integration Plugin | Critical | 9.8 | 2025-02-28 08:23:16 | Deep Dive |
| CVE-2024-9019 | SecuPress Free — WordPress Security <= 2.2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via secupress_check_ban_ips_form Shortcode | secupress | SecuPress with Simple SSL – Simple and Performant Security | Medium | 6.4 | 2025-02-28 08:23:16 | Deep Dive |
| CVE-2025-1757 | WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | portfoliohub | WordPress Portfolio Builder – Portfolio Gallery | Medium | 6.4 | 2025-02-28 04:21:56 | Deep Dive |
| CVE-2025-1687 | Cardealer <= 1.6.4 - Cross-Site Request Forgery to User Update via update_user_profile | ThemeMakers | Car Dealer Automotive WordPress Theme – Responsive | High | 8.8 | 2025-02-27 23:22:40 | Deep Dive |
| CVE-2024-12811 | Traveler <= 3.1.9 - Authenticated (Contributor+) Local File Inclusion via Shortcode | ShineTheme | Travel Booking WordPress Theme | High | 8.8 | 2025-02-27 23:22:40 | Deep Dive |
| CVE-2025-1682 | Cardealer <= 1.6.4 - Arbitrary Theme Option Update to Authenticated (Subscriber+) Privilege Escalation | ThemeMakers | Car Dealer Automotive WordPress Theme – Responsive | High | 8.8 | 2025-02-27 23:22:39 | Deep Dive |
| CVE-2025-1681 | Cardealer <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Change and Delete JS and CSS Files | ThemeMakers | Car Dealer Automotive WordPress Theme – Responsive | Medium | 5.4 | 2025-02-27 23:22:39 | Deep Dive |
| CVE-2025-1282 | Car Dealer Automotive WordPress Theme – Responsive <= 1.6.3 - Authenticated (Subscriber+) Arbitrary File Deletion and Read | ThemeMakers | Car Dealer Automotive WordPress Theme – Responsive | High | 8.8 | 2025-02-27 08:22:04 | Deep Dive |
| CVE-2024-13907 | Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid <= 1.16.8 - Authenticated (Administrator+) Server-Side Request Forgery | boldgrid | Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid | Medium | 4.9 | 2025-02-27 06:48:39 | Deep Dive |
| CVE-2025-26913 | WordPress AR for WordPress plugin <= 7.7 - Cross Site Scripting (XSS) vulnerability | webandprint | AR For WordPress | Medium | 6.5 | 2025-02-25 14:17:54 | Deep Dive |
| CVE-2024-13494 | WordPress File Upload <= 4.25.2 - Cross-Site Request Forgery in wfu_file_details | nickboss | Iptanus File Upload | Medium | 4.3 | 2025-02-25 07:30:31 | Deep Dive |
| CVE-2025-1128 | Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion | wpeverest | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | Critical | 9.8 | 2025-02-25 06:58:31 | Deep Dive |
| CVE-2025-27265 | WordPress Google Maps for WordPress plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability | Aaron D. Campbell | Google Maps for WordPress | Medium | 6.5 | 2025-02-24 14:48:45 | Deep Dive |
| CVE-2024-13235 | Pinpoint Booking System – #1 WordPress Booking Plugin <= 2.9.9.5.4 - Authenticated (Subscriber+) SQL Injection | dotonpaper | Pinpoint Booking System – Version 2 | Medium | 6.5 | 2025-02-21 03:21:20 | Deep Dive |
| CVE-2024-13231 | WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Missing Authorization to Unauthenticated Portfolio Update | portfoliohub | WordPress Portfolio Builder – Portfolio Gallery | Medium | 5.3 | 2025-02-19 08:21:46 | Deep Dive |
| CVE-2024-11335 | UltraEmbed – Advanced Iframe Plugin For WordPress with Gutenberg Block Included <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | ultradevs | UltraEmbed – Advanced Iframe Plugin For WordPress with Gutenberg Block Included | Medium | 6.4 | 2025-02-19 07:32:11 | Deep Dive |
| CVE-2025-1065 | Visualizer: Tables and Charts Manager for WordPress <= 3.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Import Data From File | themeisle | Visualizer: Tables and Charts Manager for WordPress | Medium | 6.4 | 2025-02-19 05:22:53 | Deep Dive |
| CVE-2025-0521 | Post SMTP <= 3.0.2 - Unauthenticated Stored Cross-Site Scripting | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | High | 7.2 | 2025-02-18 11:10:19 | Deep Dive |
| CVE-2024-13797 | PressMart - Modern Elementor WooCommerce WordPress Theme <= 1.2.16 - Unauthenticated Arbitrary Shortcode Execution | PressLayouts | PressMart - Modern Elementor WooCommerce WordPress Theme | High | 7.3 | 2025-02-18 11:10:18 | Deep Dive |