| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-22359 | WordPress Wordpress Movies Bulk Importer plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability | AA-Team | Wordpress Movies Bulk Importer | - | - | 2026-01-22 16:56:49 | Deep Dive |
| CVE-2026-22382 | WordPress PawFriends - Pet Shop and Veterinary WordPress Theme theme <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability | Mikado-Themes | PawFriends - Pet Shop and Veterinary WordPress Theme | - | - | 2026-01-22 16:52:36 | Deep Dive |
| CVE-2026-22358 | WordPress Electrician - Electrical Service WordPress theme <= 5.6 - Server Side Request Forgery (SSRF) vulnerability | SmartDataSoft | Electrician - Electrical Service WordPress | - | - | 2026-01-22 16:52:35 | Deep Dive |
| CVE-2025-69004 | WordPress Bajaar - Highly Customizable WooCommerce WordPress Theme theme <= 2.1.0 - Local File Inclusion vulnerability | XpeedStudio | Bajaar - Highly Customizable WooCommerce WordPress Theme | - | - | 2026-01-22 16:52:17 | Deep Dive |
| CVE-2025-53240 | WordPress WordPress Photo Gallery plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability | adamlabs | WordPress Photo Gallery | High | 7.1 | 2026-01-22 16:51:45 | Deep Dive |
| CVE-2025-49043 | WordPress Magic Responsive Slider and Carousel WordPress plugin <= 1.6 - Reflected Cross Site Scripting (XSS) vulnerability | LambertGroup | Magic Responsive Slider and Carousel WordPress | High | 7.1 | 2026-01-22 16:51:41 | Deep Dive |
| CVE-2025-15521 | Academy LMS – WordPress LMS Plugin for Complete eLearning Solution <= 3.5.0 - Unauthenticated Privilege Escalation via Account Takeover | kodezen | Academy LMS – WordPress LMS Plugin for Complete eLearning Solution | Critical | 9.8 | 2026-01-21 01:23:32 | Deep Dive |
| CVE-2025-14798 | LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 5.3 | 2026-01-20 03:25:18 | Deep Dive |
| CVE-2026-1051 | Newsletter – Send awesome emails from WordPress <= 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription | satollo | Newsletter – Send awesome emails from WordPress | Medium | 4.3 | 2026-01-20 01:22:46 | Deep Dive |
| CVE-2025-12168 | Phrase TMS Integration for WordPress <= 4.7.5 - Missing Authorization to Authenticated (Subscriber+) Log Deletion | memsource | Phrase TMS Integration for WordPress | Medium | 4.3 | 2026-01-17 04:34:01 | Deep Dive |
| CVE-2026-0820 | RepairBuddy <= 4.1116 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Signature Upload to Orders | sweetdaisy86 | RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress | Medium | 4.3 | 2026-01-17 03:24:24 | Deep Dive |
| CVE-2025-14793 | DK PDF – WordPress PDF Generator <= 2.3.0 - Authenticated (Author+) Server-Side Request Forgery | torstenbulk | DK PDF – WordPress PDF Generator | Medium | 5.0 | 2026-01-16 06:43:22 | Deep Dive |
| CVE-2025-12641 | Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion | awesomesupport | Awesome Support – WordPress HelpDesk & Support Plugin | Medium | 6.5 | 2026-01-16 04:44:35 | Deep Dive |
| CVE-2025-12895 | Kalium <= 3.29 - Missing Authorization to Unauthenticated Mail Relay via kalium_vc_contact_form_request | Laborator | Kalium 3 \| Creative WordPress & WooCommerce Theme | Medium | 5.3 | 2026-01-15 13:23:24 | Deep Dive |
| CVE-2025-14846 | SocialChamp with WordPress <= 1.3.5 - Cross-Site Request Forgery to Plugin Settings Update | socialchampio | Auto Post to Social Media from Social Champ | Medium | 4.3 | 2026-01-14 06:40:08 | Deep Dive |
| CVE-2025-14615 | DASHBOARD BUILDER <= 1.5.7 - Cross-Site Request Forgery to SQL Injection | dashboardbuilder | DASHBOARD BUILDER – WordPress plugin for Charts and Graphs | High | 7.1 | 2026-01-14 05:28:04 | Deep Dive |
| CVE-2023-54333 | Social-Share-Buttons 2.2.3 - SQL Injection via project_id Parameter | Wordpress | Social-Share-Buttons | High | 8.2 | 2026-01-13 22:56:46 | Deep Dive |
| CVE-2025-9427 | Admin reflected XSS | Lemonsoft | WordPress add-on | - | - | 2026-01-13 13:39:02 | Deep Dive |
| CVE-2025-13967 | Woodpecker for WordPress <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_name' Shortcode Attribute | woodpeckerleadform | Woodpecker for WordPress | Medium | 6.4 | 2026-01-09 11:15:32 | Deep Dive |
| CVE-2025-13749 | Clearfy <= 2.4.0 - Cross-Site Request Forgery to Update Notification Tampering | creativemotion | Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer | Medium | 4.3 | 2026-01-09 05:25:21 | Deep Dive |