| CVE-2024-13653 | ZoxPress - The All-In-One WordPress News Theme <= 2.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update | MVPThemes | ZoxPress - The All-In-One WordPress News Theme | High | 8.8 | 2025-02-12 04:22:16 | Deep Dive |
| CVE-2024-13421 | Real Estate 7 WordPress <= 3.5.1 - Unauthenticated Privilege Escalation to Administrator | contempoinc | Real Estate 7 WordPress | Critical | 9.8 | 2025-02-12 04:22:15 | Deep Dive |
| CVE-2024-11746 | Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | samdani | GS Brands for WooCommerce | Medium | 6.4 | 2025-02-12 04:22:14 | Deep Dive |
| CVE-2024-13769 | Puzzles | WP Magazine / Review with Store WordPress Theme + RTL <= 4.2.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | ThemeREX | Puzzles | WP Magazine / Review with Store WordPress Theme + RTL | Medium | 6.4 | 2025-02-12 04:22:14 | Deep Dive |
| CVE-2024-13541 | aDirectory – WordPress Directory Listing Plugin <= 2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion | adirectory | aDirectory – WP Business Directory Plugin and Classified Ads Listings Directory | Medium | 4.3 | 2025-02-12 03:21:40 | Deep Dive |
| CVE-2024-13554 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.13 - Missing Authorization to Unauthenticated Post Order Manipulation | wpextended | The Ultimate WordPress Toolkit – WP Extended | Medium | 5.3 | 2025-02-12 03:21:37 | Deep Dive |
| CVE-2024-13643 | Zox News <= 3.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Modification | MVPThemes | Zox News - Professional WordPress News & Magazine Theme | High | 8.8 | 2025-02-11 07:30:22 | Deep Dive |
| CVE-2025-0169 | DWT - Directory & Listing WordPress Theme <=3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | scriptsbundle | DWT - Directory & Listing WordPress Theme | Medium | 6.4 | 2025-02-08 22:21:31 | Deep Dive |
| CVE-2025-25077 | WordPress Easy Chart Builder for WordPress plugin <= 1.3 - Stored Cross Site Scripting (XSS) vulnerability | dugbug | Easy Chart Builder for WordPress | Medium | 6.5 | 2025-02-07 10:11:32 | Deep Dive |
| CVE-2024-13841 | Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time <= 1.0.0 - Authenticated (Contributor+) Post Disclosure | daveshine | Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time | Medium | 4.3 | 2025-02-07 06:59:58 | Deep Dive |
| CVE-2024-13829 | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.8 - Unauthenticated Sensitive Information Exposure | tripetto | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | Medium | 5.3 | 2025-02-05 05:22:32 | Deep Dive |
| CVE-2024-13403 | WPForms Lite <= 1.9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via fieldHTML Parameter | smub | WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | Medium | 6.4 | 2025-02-04 08:21:07 | Deep Dive |
| CVE-2025-0368 | Banner Garden Plugin for WordPress <= 0.1.3 - Reflected XSS | Unknown | Banner Garden Plugin for WordPress | 中危 | - | 2025-02-04 06:00:11 | Deep Dive |
| CVE-2024-11132 | Eventer <= 3.9.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | imithemes | Eventer - WordPress Event & Booking Manager Plugin | Medium | 6.4 | 2025-02-03 19:22:49 | Deep Dive |
| CVE-2024-11134 | Eventer <= 3.9.9 - Missing Authorization to Authenticated (Subscriber+) Bookings Export | imithemes | Eventer - WordPress Event & Booking Manager Plugin | Medium | 4.3 | 2025-02-03 19:22:49 | Deep Dive |
| CVE-2024-11133 | Eventer <= 3.9.9.5 - Missing Authorization to Unauthenticated Event Ticket Download | imithemes | Eventer - WordPress Event & Booking Manager Plugin | Medium | 5.3 | 2025-02-03 19:22:44 | Deep Dive |
| CVE-2025-22704 | WordPress Signature plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability | Abinav Thakuri | WordPress Signature | High | 7.1 | 2025-02-03 14:23:53 | Deep Dive |
| CVE-2025-23614 | WordPress WordPress Additional Logins plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability | niksudan | WordPress Additional Logins | High | 7.1 | 2025-02-03 14:22:44 | Deep Dive |
| CVE-2024-13612 | Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | wordplus | Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages | Medium | 6.4 | 2025-02-01 12:21:31 | Deep Dive |
| CVE-2024-13098 | WP Email Newsletter <= 1.1 - Reflected XSS | Unknown | WordPress Email Newsletter | 中危 | - | 2025-02-01 06:00:14 | Deep Dive |