| CVE-2025-11171 | Chartify – WordPress Chart Plugin <= 3.5.9 - Missing Authentication for Administrative Function | ays-pro | Chartify – WordPress Chart Plugin | Medium | 5.3 | 2025-10-08 05:24:49 | Deep Dive |
| CVE-2025-9946 | LockerPress – WordPress Security Plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting | lockerpress | LockerPress – WordPress Security Plugin | Medium | 6.1 | 2025-09-30 03:35:33 | Deep Dive |
| CVE-2025-9993 | Bei Fen – WordPress Backup Plugin <= 1.4.2 - Authenticated (Subscriber+) Local File Inclusion | d3rd4v1d | Bei Fen – WordPress Backup Plugin | High | 8.1 | 2025-09-30 03:35:27 | Deep Dive |
| CVE-2025-8565 | Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.4.3 - Missing Authorization to Authenticated (Contributor+) Arbitrary Plugin Installation | wplegalpages | Privacy Policy Generator – WPLP Legal Pages | High | 8.1 | 2025-09-18 09:31:29 | Deep Dive |
| CVE-2025-9216 | StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Upload | kodezen | StoreEngine — Complete eCommerce Solution with Memberships, Licensing, Affiliates & More | High | 8.8 | 2025-09-17 06:17:49 | Deep Dive |
| CVE-2025-9215 | StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Download | kodezen | StoreEngine — Complete eCommerce Solution with Memberships, Licensing, Affiliates & More | Medium | 6.5 | 2025-09-17 06:17:48 | Deep Dive |
| CVE-2025-7718 | Resideo Plugin for Resideo - Real Estate WordPress Theme <= 2.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Privilege Escalation via Account Takeover | pixel_prime | Resideo Plugin for Resideo - Real Estate WordPress Theme | High | 8.8 | 2025-09-10 12:25:30 | Deep Dive |
| CVE-2025-9539 | AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress <= 5.3.6 - Missing Authorization To Authenticated (Subscriber+) Remote Code Execution via Automation Creation | rubengc | AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress | High | 8.0 | 2025-09-09 06:40:36 | Deep Dive |
| CVE-2025-9542 | AutomatorWP <= 5.3.7 - Authenticated (Subscriber+) Missing Authorization to Multiple Functions | rubengc | AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress | Medium | 5.4 | 2025-09-09 06:40:35 | Deep Dive |
| CVE-2025-58862 | WordPress WordPress Events Calendar Plugin – connectDaily Plugin <= 1.5.5 - Cross Site Scripting (XSS) Vulnerability | George Sexton | WordPress Events Calendar Plugin – connectDaily | Medium | 6.5 | 2025-09-05 13:45:41 | Deep Dive |
| CVE-2025-58855 | WordPress AP HoneyPot WordPress Plugin Plugin <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability | Denis V (Artprima) | AP HoneyPot WordPress Plugin | High | 7.1 | 2025-09-05 13:45:37 | Deep Dive |
| CVE-2025-4956 | WordPress Pro Bulk Watermark Plugin for WordPress Theme <= 2.0 - Path Traversal Vulnerability | AA-Team | Pro Bulk Watermark Plugin for WordPress | Medium | 4.3 | 2025-08-30 01:49:20 | Deep Dive |
| CVE-2025-53243 | WordPress Employee Directory – Staff Listing & Team Directory plugin for WordPress plugin <= 4.5.5 - PHP Object Injection vulnerability | emarket-design | Employee Directory – Staff Listing & Team Directory Plugin for WordPress | High | 8.1 | 2025-08-28 12:37:23 | Deep Dive |
| CVE-2025-49405 | WordPress Pro Bulk Watermark Plugin for WordPress Theme <= 2.0 - Path Traversal Vulnerability | Favethemes | Pro Bulk Watermark Plugin for WordPress | Medium | 4.3 | 2025-08-28 12:37:16 | Deep Dive |
| CVE-2025-48353 | WordPress Clickbank WordPress Plugin (Niche Storefront) plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | dactum | Clickbank WordPress Plugin (Niche Storefront) | High | 7.1 | 2025-08-28 12:37:05 | Deep Dive |
| CVE-2025-6247 | WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.118.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting | ValvePress | WordPress Automatic Plugin | Medium | 4.7 | 2025-08-26 09:06:08 | Deep Dive |
| CVE-2024-8860 | Tourfic <= 2.14.5 - Missing Authorization in Multiple Functions | themefic | Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin | Medium | 4.3 | 2025-08-26 07:06:04 | Deep Dive |
| CVE-2025-49411 | WordPress FAQ Revolution - WordPress Plugin <= 1.5.0 - Cross Site Scripting (XSS) Vulnerability | Vikas Sharma | FAQ Revolution - WordPress Plugin | High | 7.1 | 2025-08-20 08:03:45 | Deep Dive |
| CVE-2025-8604 | WP Table Builder – WordPress Table Plugin <= 2.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | wptb | WP Table Builder – Drag & Drop Table Builder | Medium | 6.4 | 2025-08-15 07:24:40 | Deep Dive |
| CVE-2025-52730 | WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Cross Site Scripting (XSS) Vulnerability | themefunction | WordPress Event Manager, Event Calendar and Booking Plugin | Medium | 6.5 | 2025-08-14 10:34:02 | Deep Dive |