| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-61837 | Format Plugins | Heap-based Buffer Overflow (CWE-122) | Adobe | Format Plugins | High | 7.8 | 2025-11-11 18:58:47 | Deep Dive |
| CVE-2025-61838 | Format Plugins | Heap-based Buffer Overflow (CWE-122) | Adobe | Format Plugins | High | 7.8 | 2025-11-11 18:58:46 | Deep Dive |
| CVE-2025-61841 | Format Plugins | Out-of-bounds Read (CWE-125) | Adobe | Format Plugins | Medium | 5.5 | 2025-11-11 18:58:45 | Deep Dive |
| CVE-2025-61844 | Format Plugins | Out-of-bounds Read (CWE-125) | Adobe | Format Plugins | Medium | 5.5 | 2025-11-11 18:58:44 | Deep Dive |
| CVE-2025-61842 | Format Plugins | Use After Free (CWE-416) | Adobe | Format Plugins | Medium | 5.5 | 2025-11-11 18:58:44 | Deep Dive |
| CVE-2025-58638 | WordPress Institutions Directory Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability | e-plugins | Institutions Directory | 中危 | - | 2025-11-06 15:54:28 | Deep Dive |
| CVE-2025-12401 | Label Plugins <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting | theode | Label Plugins | Medium | 6.1 | 2025-11-04 03:26:46 | Deep Dive |
| CVE-2025-10897 | WooCommerce Designer Pro <= 1.9.28 - Unauthenticated Arbitrary File Read | JMA Plugins | WooCommerce Designer Pro | High | 8.6 | 2025-10-31 07:26:40 | Deep Dive |
| CVE-2025-6440 | WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload | JMA Plugins | WooCommerce Designer Pro | Critical | 9.8 | 2025-10-24 07:23:28 | Deep Dive |
| CVE-2025-59048 | OpenBao AWS Plugin Vulnerable to Cross-Account IAM Role Impersonation in AWS Auth Method | openbao | openbao-plugins | High | 8.1 | 2025-10-23 15:09:07 | Deep Dive |
| CVE-2025-53238 | WordPress Toast Mobile Menu plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability | Toast Plugins | Toast Mobile Menu | High | 7.1 | 2025-10-22 14:32:30 | Deep Dive |
| CVE-2025-52748 | WordPress Directory Pro plugin <= 2.5.5 - Cross Site Scripting (XSS) Vulnerability | e-plugins | Directory Pro | - | - | 2025-10-22 14:32:24 | Deep Dive |
| CVE-2025-6439 | WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Deletion | JMA Plugins | WooCommerce Designer Pro | Critical | 9.8 | 2025-10-11 09:28:38 | Deep Dive |
| CVE-2025-60147 | WordPress HT Feed Plugin <= 1.3.0 - Cross Site Scripting (XSS) Vulnerability | HT Plugins | HT Feed | Medium | 6.5 | 2025-09-26 08:31:51 | Deep Dive |
| CVE-2025-53463 | WordPress HT Mega – Absolute Addons for WPBakery Page Builder Plugin <= 1.0.9 - Cross Site Scripting (XSS) Vulnerability | HT Plugins | HT Mega – Absolute Addons for WPBakery Page Builder | Medium | 6.5 | 2025-09-22 18:25:36 | Deep Dive |
| CVE-2025-57948 | WordPress Directory Pro Plugin <= 2.5.5 - Cross Site Scripting (XSS) Vulnerability | e-plugins | Directory Pro | Medium | 6.5 | 2025-09-22 18:24:53 | Deep Dive |
| CVE-2025-8479 | Zoho Flow <= 2.14.1 - Cross-Site Request Forgery | zohoflow | Zoho Flow – Integrate 100+ plugins with 1000+ business apps, no-code workflow automation | Medium | 4.3 | 2025-09-11 06:43:51 | Deep Dive |
| CVE-2025-58625 | WordPress WP Flow Plus Plugin <= 5.2.5 - Cross Site Scripting (XSS) Vulnerability | Spiffy Plugins | WP Flow Plus | Medium | 5.9 | 2025-09-03 14:36:53 | Deep Dive |
| CVE-2025-58623 | WordPress Event Feed for Eventbrite Plugin <= 1.3.2 - Cross Site Scripting (XSS) Vulnerability | Bohemia Plugins | Event Feed for Eventbrite | Medium | 6.5 | 2025-09-03 14:36:51 | Deep Dive |
| CVE-2025-58613 | WordPress Posts Table with Search & Sort Plugin <= 1.4.10 - Broken Access Control Vulnerability | Barn2 Plugins | Posts Table with Search & Sort | Medium | 5.3 | 2025-09-03 14:36:47 | Deep Dive |