| CVE-2025-24666 | WordPress Hyve Lite plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability | Themeisle | AI Chatbot for WordPress – Hyve Lite | Medium | 5.9 | 2025-01-24 17:24:51 | Deep Dive |
| CVE-2025-24588 | WordPress Patreon WordPress plugin <= 1.9.1 - Broken Access Control vulnerability | patreon | Patreon WordPress | Medium | 6.5 | 2025-01-24 17:24:26 | Deep Dive |
| CVE-2024-13698 | Jobify - Job Board WordPress Theme <= 4.2.7 - Missing Authorization to Unauthenticated Server-Side Request Forgery, Arbitrary Image Upload, and Image Generation | Astoundify | Jobify - Job Board WordPress Theme | Medium | 6.5 | 2025-01-24 15:21:44 | Deep Dive |
| CVE-2024-13572 | Precious Metals Charts and Widgets for WordPress <= 1.2.8 - Authenticated (Contributor+) Stored Cross-site Scripting | nfusionsolutions | Precious Metals Charts and Widgets for WordPress | Medium | 6.4 | 2025-01-24 11:07:31 | Deep Dive |
| CVE-2024-13422 | SEO Blogger to WordPress Migration using 301 Redirection <= 0.4.8 - Reflected Cross-Site Scripting | suhas93 | SEO Blogger to WordPress Migration using 301 Redirection | Medium | 6.1 | 2025-01-23 11:13:29 | Deep Dive |
| CVE-2025-23931 | WordPress WordPress Local SEO plugin <= 2.3 - SQL Injection vulnerability | Oliver Fuhrmann | WordPress Local SEO | Critical | 9.3 | 2025-01-22 14:29:24 | Deep Dive |
| CVE-2025-23867 | WordPress WordPress File Search Plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability | markcoker | WordPress File Search | High | 7.1 | 2025-01-22 14:29:23 | Deep Dive |
| CVE-2025-23535 | WordPress REAL WordPress Sidebar plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability | martin_ziegert | REAL WordPress Sidebar | High | 7.1 | 2025-01-22 14:29:14 | Deep Dive |
| CVE-2024-13496 | GamiPress <= 7.3.1 - Unauthenticated SQL Injection via orderby Parameter | rubengc | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress | High | 7.5 | 2025-01-22 11:07:59 | Deep Dive |
| CVE-2024-13499 | GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_do_shortcode() Function | rubengc | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress | High | 7.3 | 2025-01-22 11:07:58 | Deep Dive |
| CVE-2024-13495 | GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_ajax_get_logs Function | rubengc | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress | High | 7.3 | 2025-01-22 11:07:57 | Deep Dive |
| CVE-2024-12879 | WPBot Pro Wordpress Chatbot <= 13.5.5 - Missing Authorization to Authenticated (Subscriber+) Simple Text Response Creation | QuantumCloud | WPBot Pro Wordpress Chatbot | Medium | 4.3 | 2025-01-22 05:23:05 | Deep Dive |
| CVE-2024-13091 | WPBot Pro Wordpress Chatbot <= 13.5.4 - Unauthenticated Arbitrary File Upload | QuantumCloud | WPBot Pro Wordpress Chatbot | Critical | 9.8 | 2025-01-21 23:20:51 | Deep Dive |
| CVE-2025-22735 | WordPress Tag Cloud Plugin - Tag Groups plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability | Steve Burge | WordPress Tag Cloud Plugin – Tag Groups | High | 7.1 | 2025-01-21 13:40:35 | Deep Dive |
| CVE-2024-49333 | WordPress Hero Menu plugin <= 1.16.5 - SQL Injection vulnerability | NotFound | Hero Mega Menu - Responsive WordPress Menu Plugin | High | 8.5 | 2025-01-21 13:40:33 | Deep Dive |
| CVE-2024-49303 | WordPress Hero Menu plugin <= 1.16.5 - SQL Injection vulnerability | NotFound | Hero Mega Menu - Responsive WordPress Menu Plugin | High | 8.5 | 2025-01-21 13:40:33 | Deep Dive |
| CVE-2024-49300 | WordPress Hero Menu plugin <= 1.16.5 - Cross Site Scripting (XSS) vulnerability | NotFound | Hero Mega Menu - Responsive WordPress Menu Plugin | High | 7.1 | 2025-01-21 13:40:32 | Deep Dive |
| CVE-2024-13184 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.12 - Unauthenticated SQL Injection via Login Attempts Module | wpextended | The Ultimate WordPress Toolkit – WP Extended | High | 7.5 | 2025-01-18 08:26:39 | Deep Dive |
| CVE-2025-0515 | Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Option Update | cmsmasters | Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme | Medium | 4.3 | 2025-01-18 07:05:07 | Deep Dive |
| CVE-2024-10799 | Eventer <= 3.9.7 - Authenticated (Subscriber+) Arbitrary File Read | imithemes | Eventer - WordPress Event & Booking Manager Plugin | Medium | 6.5 | 2025-01-17 05:29:28 | Deep Dive |