| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-13090 | WP Directory Kit <= 1.4.6 - Authenticated (Admin+) SQL Injection | wpdirectorykit | WP Directory Kit | Medium | 4.9 | 2025-12-02 11:20:07 | Deep Dive |
| CVE-2025-13525 | WP Directory Kit <= 1.4.5 - Reflected Cross-Site Scripting via 'order_by' Parameter | wpdirectorykit | WP Directory Kit | Medium | 6.1 | 2025-11-27 05:31:57 | Deep Dive |
| CVE-2025-13414 | Chamber Dashboard Business Directory <= 3.3.11 - Missing Authorization to Unauthenticated Business Information Export | gwendydd | Chamber Dashboard Business Directory | Medium | 5.3 | 2025-11-25 07:28:19 | Deep Dive |
| CVE-2025-13138 | WP Directory Kit <= 1.4.3 - Unauthenticated SQL Injection via select_2_ajax() Function | wpdirectorykit | WP Directory Kit | High | 7.5 | 2025-11-21 09:27:00 | Deep Dive |
| CVE-2025-12778 | Ultimate Member Widgets for Elementor <= 2.3 - Missing Authorization to Unauthenticated Information Exposure | userelements | Ultimate Member Widgets for Elementor – WordPress User Directory | Medium | 5.3 | 2025-11-20 04:37:14 | Deep Dive |
| CVE-2025-12174 | Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.5.2 - Missing Authorization to Authenticated (Subscriber+) Data Export and Slug Update | wpwax | Directorist: AI-Powered Business Directory, Listings & Classified Ads | Medium | 6.5 | 2025-11-19 05:45:14 | Deep Dive |
| CVE-2025-7711 | Classified Listing – Classified ads & Business Directory Plugin <= 5.0.3 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Listing Description | techlabpro1 | Classified Listing – AI-Powered Classified ads & Business Directory Plugin | Medium | 5.4 | 2025-11-17 22:27:45 | Deep Dive |
| CVE-2025-12018 | MembershipWorks <= 6.14 - Authenticated (Admin+) Stored Cross-Site Scripting | sourcefound | MembershipWorks – Membership, Events & Directory | Medium | 4.4 | 2025-11-12 07:27:42 | Deep Dive |
| CVE-2025-12833 | GeoDirectory – WP Business Directory Plugin and Classified Listings Directory <= 2.8.139 - Missing Authorization to Authenticated (Author+) Arbitrary Image Attachment | paoltaia | GeoDirectory – WP Business Directory Plugin and Classified Listings Directory | Medium | 4.3 | 2025-11-12 04:29:09 | Deep Dive |
| CVE-2025-12953 | Classified Listing – AI-Powered Classified ads & Business Directory Plugin <= 5.2.0 - Missing Authorization to Authenticated (Subscriber+) Listing Types Tampering | techlabpro1 | Classified Listing – AI-Powered Classified ads & Business Directory Plugin | Medium | 4.3 | 2025-11-11 11:03:46 | Deep Dive |
| CVE-2025-58638 | WordPress Institutions Directory Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability | e-plugins | Institutions Directory | 中危 | - | 2025-11-06 15:54:28 | Deep Dive |
| CVE-2025-64219 | WordPress Business Directory plugin <= 6.4.18 - Broken Access Control vulnerability | Strategy11 Team | Business Directory | - | - | 2025-10-29 08:38:10 | Deep Dive |
| CVE-2025-62982 | WordPress Dynamic User Directory plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability | Sarah Giles | Dynamic User Directory | Medium | 5.9 | 2025-10-27 01:34:20 | Deep Dive |
| CVE-2025-10488 | Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.4.8 - Authenticated (Subscriber+) Arbitrary File Move | wpwax | Directorist: AI-Powered Business Directory, Listings & Classified Ads | High | 8.1 | 2025-10-25 06:49:21 | Deep Dive |
| CVE-2025-8413 | Listeo <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via soundcloud Shortcode | purethemes | Listeo - Directory & Listings With Booking - WordPress Theme | Medium | 6.4 | 2025-10-25 05:31:19 | Deep Dive |
| CVE-2025-52748 | WordPress Directory Pro plugin <= 2.5.5 - Cross Site Scripting (XSS) Vulnerability | e-plugins | Directory Pro | - | - | 2025-10-22 14:32:24 | Deep Dive |
| CVE-2025-49901 | WordPress Simple Link Directory plugin < 14.8.1 - Broken Authentication vulnerability | quantumcloud | Simple Link Directory | - | - | 2025-10-22 14:32:10 | Deep Dive |
| CVE-2025-11522 | Search & Go - Directory WordPress Theme <= 2.7 - Authentication Bypass to Privilege Escalation via Account Takeover | Elated-Themes | Search & Go - Directory WordPress Theme | Critical | 9.8 | 2025-10-09 07:23:52 | Deep Dive |
| CVE-2025-60120 | WordPress WP Directory Kit plugin <= 1.4.0 - Broken Access Control vulnerability | WPDirectoryKit | WP Directory Kit | Medium | 5.3 | 2025-09-26 08:31:36 | Deep Dive |
| CVE-2025-10178 | CM Business Directory <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | creativemindssolutions | CM Business Directory – Optimise and showcase local business | Medium | 6.4 | 2025-09-26 01:47:27 | Deep Dive |