| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-67719 | Ibexa User Bundle is missing password change validation | ibexa | user | - | - | 2025-12-11 01:16:16 | Deep Dive |
| CVE-2025-13642 | ProfilePress <= 4.16.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 5.4 | 2025-12-09 15:23:48 | Deep Dive |
| CVE-2025-63030 | WordPress New User Approve plugin <= 3.2.3 - Cross Site Request Forgery (CSRF) vulnerability | Saad Iqbal | New User Approve | - | - | 2025-12-09 14:52:29 | Deep Dive |
| CVE-2025-62735 | WordPress User Spam Remover plugin <= 1.1 - Sensitive Data Exposure vulnerability | Joel | User Spam Remover | Medium | 5.3 | 2025-12-09 14:52:22 | Deep Dive |
| CVE-2025-67579 | WordPress User Extra Fields plugin <= 16.8 - Broken Access Control vulnerability | vanquish | User Extra Fields | Medium | 5.3 | 2025-12-09 14:14:15 | Deep Dive |
| CVE-2025-12879 | User Generator and Importer <= 1.2.2 - Cross-Site Request Forgery to Privilege Escalation via Arbitrary Administrator Account Creation | vinoth06 | User Generator and Importer | High | 8.8 | 2025-12-05 09:27:02 | Deep Dive |
| CVE-2025-12374 | Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification <= 2.0.44 - Authentication Bypass to Account Takeover | pickplugins | User Verification by PickPlugins | Critical | 9.8 | 2025-12-05 06:07:19 | Deep Dive |
| CVE-2025-13441 | Hide Category by User Role for WooCommerce <= 2.3.1 - Missing Authorization to Unauthenticated Cache Flushing | themesupport | Hide Category by User Role for WooCommerce | Medium | 5.3 | 2025-11-27 06:42:13 | Deep Dive |
| CVE-2025-12160 | Simple User Registration <= 6.6 - Unauthenticated Stored Cross-Site Scripting | nmedia | Simple User Registration | High | 7.2 | 2025-11-21 09:27:01 | Deep Dive |
| CVE-2025-12778 | Ultimate Member Widgets for Elementor <= 2.3 - Missing Authorization to Unauthenticated Information Exposure | userelements | Ultimate Member Widgets for Elementor – WordPress User Directory | Medium | 5.3 | 2025-11-20 04:37:14 | Deep Dive |
| CVE-2025-13054 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 6.4 | 2025-11-19 05:45:12 | Deep Dive |
| CVE-2025-12770 | New User Approve <= 3.0.9 - Unauthenticated Sensitive Information Disclosure via Type Juggling | saadiqbal | New User Approve | Medium | 5.3 | 2025-11-19 03:29:39 | Deep Dive |
| CVE-2025-13133 | Simple User Import Export <= 1.1.7 - Authenticated (Admin+) CSV Injection | vaniivan | Simple User Import Export | Medium | 6.6 | 2025-11-18 09:27:37 | Deep Dive |
| CVE-2025-11620 | Multiple Roles per User <= 1.0 - Missing Authorization to Authenticated (Custom+) Privilege Escalation | jemoreto | Multiple Roles per User | High | 7.2 | 2025-11-18 08:27:31 | Deep Dive |
| CVE-2025-60245 | WordPress WP User Manager plugin <= 2.9.12 - PHP Object Injection vulnerability | WP User Manager | WP User Manager | Critical | 9.8 | 2025-11-06 15:55:20 | Deep Dive |
| CVE-2025-60207 | WordPress Custom User Registration Fields for WooCommerce plugin <= 2.1.2 - Arbitrary File Upload Vulnerability | Addify | Custom User Registration Fields for WooCommerce | Critical | 10.0 | 2025-11-06 15:55:06 | Deep Dive |
| CVE-2025-60193 | WordPress Premmerce User Roles plugin <= 1.0.13 - Local File Inclusion vulnerability | Premmerce | Premmerce User Roles | High | 7.5 | 2025-11-06 15:54:50 | Deep Dive |
| CVE-2025-53239 | WordPress User Registration Aide Plugin <= 1.5.3.8 - Cross Site Scripting (XSS) Vulnerability | bnovotny | User Registration Aide | High | 7.1 | 2025-11-06 15:53:59 | Deep Dive |
| CVE-2025-6027 | Ace User Management <= 2.0.3 - Subscriber+ Authentication Bypass via Password Reset | Unknown | Ace User Management | Medium | - | 2025-11-05 06:00:08 | Deep Dive |
| CVE-2025-12158 | Simple User Capabilities <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation | tanvirahmed1984 | Simple User Capabilities | Critical | 9.8 | 2025-11-04 04:27:23 | Deep Dive |