| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-12628 | WP 2FA < 3.0.0 - Second Factor Bypass | Unknown | WP 2FA | - | - | 2025-11-24 12:58:37 | Deep Dive |
| CVE-2025-12629 | Broken Link Manager <= 0.6.5 - Reflected XSS | Unknown | Broken Link Manager | - | - | 2025-11-24 06:00:07 | Deep Dive |
| CVE-2025-12569 | WP Front User Submit < 5.0.0 - Open Redirect | Unknown | Guest posting / Frontend Posting / Front Editor | - | - | 2025-11-24 06:00:07 | Deep Dive |
| CVE-2025-12394 | Backup Migration < 2.0.0 - Unauthenticated Backup Download | Unknown | Backup Migration | - | - | 2025-11-24 06:00:06 | Deep Dive |
| CVE-2024-14015 | Studiocart <= 2.9.0 - Reflected XSS | Unknown | WordPress eCommerce Plugin | - | - | 2025-11-24 06:00:03 | Deep Dive |
| CVE-2025-11127 | Mstoreapp Mobile (App <= 2.08, Multivendor <= 9.0.1) - Unauthenticated Privilege Escalation | Unknown | Mstoreapp Mobile App | 中危 | - | 2025-11-21 13:41:08 | Deep Dive |
| CVE-2025-12502 | Attention Bar <= 0.7.2.1 - Admin+ SQLi | Unknown | attention-bar | 中危 | - | 2025-11-20 06:00:03 | Deep Dive |
| CVE-2025-12057 | WavePlayer < 3.8.0 - Unauthenticated Arbitrary File Upload | Unknown | WavePlayer | - | - | 2025-11-19 06:00:05 | Deep Dive |
| CVE-2025-9501 | W3 Total Cache < 2.8.13 - Unauthenticated Command Injection | Unknown | W3 Total Cache | - | - | 2025-11-17 06:00:02 | Deep Dive |
| CVE-2025-10686 | Creta Testimonial Showcase < 1.2.4 - Editor+ Local File Inclusion | Unknown | Creta Testimonial Showcase | 中危 | - | 2025-11-14 06:00:09 | Deep Dive |
| CVE-2025-11560 | Team Members Showcase < 3.5.0 - Reflected XSS | Unknown | Team Members Showcase | 中危 | - | 2025-11-12 06:00:09 | Deep Dive |
| CVE-2025-11855 | Age Restriction <= 3.0.2 - Subscriber+ Privilege Escalation | Unknown | age-restriction | 中危 | - | 2025-11-11 06:00:08 | Deep Dive |
| CVE-2025-11307 | WP Google Maps < 9.0.48 - Unauthenticated Stored XSS | Unknown | WP Go Maps (formerly WP Google Maps) | 中危 | - | 2025-11-11 06:00:07 | Deep Dive |
| CVE-2025-11237 | Make Email Customizer for WooCommerce <= 1.0.6 - Subscriber+ Arbitrary Options Update | Unknown | Make Email Customizer for WooCommerce | 中危 | - | 2025-11-11 06:00:04 | Deep Dive |
| CVE-2025-6027 | Ace User Management <= 2.0.3 - Subscriber+ Authentication Bypass via Password Rest | Unknown | Ace User Management | 中危 | - | 2025-11-05 06:00:08 | Deep Dive |
| CVE-2025-11072 | Download Counter Button <= 1.8.6.7 - Unauthenticated Arbitrary File Download | Unknown | MelAbu WP Download Counter Button | 中危 | - | 2025-11-05 06:00:07 | Deep Dive |
| CVE-2025-10873 | Elementinvader Addons for Elementor < 1.4.1 – Unauthenticated Arbitrary Email Sending | Unknown | ElementInvader Addons for Elementor | 中危 | - | 2025-11-05 06:00:07 | Deep Dive |
| CVE-2025-10567 | FunnelKit < 3.12.0.1 - Reflected XSS | Unknown | FunnelKit | 中危 | - | 2025-11-05 06:00:03 | Deep Dive |
| CVE-2025-5397 | Jobmonster - Job Board WordPress Theme <= 4.8.1 - Authentication Bypass | Unknown | Noo JobMonster | Critical | 9.8 | 2025-10-31 06:42:55 | Deep Dive |
| CVE-2025-11191 | RealPress < 1.1.0 - Unauthenticated Content Creation/Email Sending via REST | Unknown | RealPress | 中危 | - | 2025-10-31 06:00:03 | Deep Dive |