| CVE-2024-13333 | Advanced File Manager 5.2.12 - 5.2.13 - Authenticated (Subscriber+) Arbitrary File Upload | saadiqbal | Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin | High | 7.5 | 2025-01-17 05:29:27 | Deep Dive |
| CVE-2025-23961 | WordPress WordPress Graphs & Charts Plugin <= 2.0.8 - Broken Access Control vulnerability | wptasker | WordPress Graphs & Charts | Medium | 5.4 | 2025-01-16 20:08:11 | Deep Dive |
| CVE-2025-23912 | WordPress WordPress Custom Sidebar Plugin <= 2.3 - SQL Injection vulnerability | Philipp Speck | WordPress Custom Sidebar | High | 8.5 | 2025-01-16 20:07:51 | Deep Dive |
| CVE-2025-23913 | WordPress Google Map Professional Plugin <= 1.0 - SQL Injection vulnerability | pankajpragma | WordPress Google Map Professional | High | 8.5 | 2025-01-16 20:07:50 | Deep Dive |
| CVE-2025-23842 | WordPress WordPress Gallery Plugin plugin <= 1.4 - CSRF to Stored XSS vulnerability | Nilesh Shiragave | WordPress Gallery Plugin | High | 7.1 | 2025-01-16 20:07:22 | Deep Dive |
| CVE-2025-23828 | WordPress WordPress Data Guard [Website Security] plugin <= 8 - CSRF to Stored XSS vulnerability | sindhi | WordPress Data Guard | High | 7.1 | 2025-01-16 20:07:18 | Deep Dive |
| CVE-2025-23823 | WordPress CNZZ&51LA for WordPress plugin <= 1.0.1 - CSRF to Stored XSS vulnerability | jprintf | CNZZ&51LA for WordPress | High | 7.1 | 2025-01-16 20:07:16 | Deep Dive |
| CVE-2025-23510 | WordPress WordPress Logging Service plugin <= 1.5.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | Jan Štětina | WordPress Logging Service | High | 7.1 | 2025-01-16 20:06:13 | Deep Dive |
| CVE-2025-23435 | WordPress Password Protect Plugin for WordPress plugin <= 0.8.1.0 - CSRF to Stored XSS vulnerability | marcucci | Password Protect Plugin for WordPress | High | 7.1 | 2025-01-16 20:06:07 | Deep Dive |
| CVE-2025-23423 | WordPress SendGrid for WordPress plugin <= 1.4 - Broken Access Control vulnerability | Smackcoders Inc., | SendGrid for WordPress | Medium | 4.3 | 2025-01-16 20:05:46 | Deep Dive |
| CVE-2025-0170 | DWT - Directory & Listing WordPress Theme <= 3.3.3 - Reflected Cross-Site Scripting | scriptsbundle | DWT - Directory & Listing WordPress Theme | Medium | 6.1 | 2025-01-16 01:49:03 | Deep Dive |
| CVE-2025-22762 | WordPress Octrace Support Pro plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability | Octrace | WordPress HelpDesk & Support Ticket System Plugin – Octrace Support | Medium | 5.9 | 2025-01-15 15:23:24 | Deep Dive |
| CVE-2025-0394 | Groundhogg <= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function | trainingbusinesspros | Groundhogg — CRM, Newsletters, and Marketing Automation | High | 8.8 | 2025-01-14 08:23:14 | Deep Dive |
| CVE-2024-12412 | Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently \| WordPress plugin <= 2.2.1 - Reflected Cross-Site Scripting | magepeopleteam | Booking and Rental Manager for Bike \| Car \| Resort \| Appointment \| Dress \| Equipment | Medium | 6.1 | 2025-01-11 07:21:53 | Deep Dive |
| CVE-2024-12473 | AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.5 - Authenticated (Contributor+) SQL Injection | opacewebdesign | Opace AI Scribe: SEO Content Creator & Humaizer for OpenAI & Anthropic | Medium | 6.5 | 2025-01-10 03:21:30 | Deep Dive |
| CVE-2024-12606 | AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update | opacewebdesign | Opace AI Scribe: SEO Content Creator & Humaizer for OpenAI & Anthropic | Medium | 4.3 | 2025-01-10 03:21:30 | Deep Dive |
| CVE-2025-22295 | WordPress Tripetto plugin <= 8.0.6 - Cross Site Scripting (XSS) vulnerability | Tripetto | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | Medium | - | 2025-01-09 15:39:33 | Deep Dive |
| CVE-2025-22802 | WordPress Email Templates Customizer YeeMail plugin <= 2.1.4 - Cross Site Scripting (XSS) vulnerability | add-ons.org | Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail | Medium | 6.5 | 2025-01-09 15:39:21 | Deep Dive |
| CVE-2024-12616 | Bitly's WordPress Plugin <= 2.7.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update | bitlydeveloper | Bitly's WordPress Plugin | Medium | 4.3 | 2025-01-09 11:11:03 | Deep Dive |
| CVE-2024-11929 | Responsive FlipBook Plugin Wordpress <= 2.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting | mpc | Responsive FlipBook Plugin Wordpress | Medium | 6.4 | 2025-01-09 11:10:58 | Deep Dive |