| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-49509 | WordPress Audio Editor & Recorder plugin <= 2.2.1 - Broken Access Control vulnerability | Roland Beaussant | Audio Editor & Recorder | Medium | 5.3 | 2025-06-10 12:40:49 | Deep Dive |
| CVE-2025-4671 | Profile Builder <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 6.4 | 2025-06-03 11:22:26 | Deep Dive |
| CVE-2025-1725 | Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Uploads | bitpressadmin | File Manager | Medium | 6.4 | 2025-06-03 08:21:52 | Deep Dive |
| CVE-2024-7073 | Unauthenticated Server-Side Request Forgery (SSRF) in Multiple WSO2 Products via SOAP Admin Services | WSO2 | WSO2 Identity Server as Key Manager | Medium | 6.5 | 2025-06-02 16:38:33 | Deep Dive |
| CVE-2024-10631 | Countdown Timer <= 1.0.5 - Contributor+ Stored XSS | Unknown | Countdown Timer for WordPress Block Editor | - | - | 2025-05-15 20:06:45 | Deep Dive |
| CVE-2025-47617 | WordPress WP Front User Submit / Front Editor plugin <= 5.0.6 - Cross Site Scripting (XSS) vulnerability | aharonyan | WP Front User Submit / Front Editor | Medium | 5.9 | 2025-05-07 14:20:33 | Deep Dive |
| CVE-2025-2893 | Gutenverse <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via countdown Block | jegstudio | Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem | Medium | 6.4 | 2025-04-29 06:37:47 | Deep Dive |
| CVE-2025-23958 | WordPress Editor Wysiwyg Background Color plugin <= 1.0 - Broken Access Control vulnerability | FADI MED | Editor Wysiwyg Background Color | Medium | 6.5 | 2025-04-17 15:48:26 | Deep Dive |
| CVE-2025-3294 | WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update | benjaminprojas | WP Editor | High | 7.2 | 2025-04-17 05:23:20 | Deep Dive |
| CVE-2025-3295 | WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read | benjaminprojas | WP Editor | Medium | 4.9 | 2025-04-17 05:23:19 | Deep Dive |
| CVE-2025-39512 | WordPress Bulk Term Editor plugin <= 1.1.4 - Cross Site Request Forgery (CSRF) Vulnerability | Yuya Hoshino | Bulk Term Editor | Medium | 4.3 | 2025-04-16 12:45:54 | Deep Dive |
| CVE-2025-2314 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 6.4 | 2025-04-16 01:45:02 | Deep Dive |
| CVE-2025-31035 | WordPress WP Editor.md – The Perfect Markdown Editor plugin <= 10.2.1 - Cross Site Scripting (XSS) Vulnerability | Benjamin Chris | WP Editor.md – The Perfect WordPress Markdown Editor | Medium | 5.9 | 2025-04-09 16:10:12 | Deep Dive |
| CVE-2025-3064 | WPFront User Role Editor <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function | syammohanm | WPFront User Role Editor | High | 8.8 | 2025-04-08 08:22:10 | Deep Dive |
| CVE-2025-31736 | WordPress Rich Text Editor Plugin <= 1.0.1 - Broken Access Control vulnerability | richtexteditor | Rich Text Editor | Medium | 6.5 | 2025-04-03 13:27:13 | Deep Dive |
| CVE-2025-30580 | WordPress DigiWidgets Image Editor plugin <= 1.10 - Remote Code Execution (RCE) Vulnerability | kellydiek | DigiWidgets Image Editor | Critical | 10.0 | 2025-04-01 20:58:07 | Deep Dive |
| CVE-2025-31808 | WordPress SCSS WP Editor plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability | itpathsolutions | SCSS WP Editor | Medium | 4.3 | 2025-04-01 14:51:39 | Deep Dive |
| CVE-2025-31752 | WordPress Bulk Fields Editor plugin <= 1.8.0 - Broken Access Control vulnerability | termel | Bulk Fields Editor | Medium | 4.3 | 2025-04-01 14:51:12 | Deep Dive |
| CVE-2025-31623 | WordPress Rich Text Editor plugin <= 1.0.1 - CSRF to Stored XSS vulnerability | richtexteditor | Rich Text Editor | High | 7.1 | 2025-03-31 12:55:45 | Deep Dive |
| CVE-2025-22671 | WordPress Disable Elementor Editor Translation plugin <= 1.0.2 - Broken Access Control vulnerability | Leap13 | Disable Elementor Editor Translation | Medium | 4.3 | 2025-03-27 14:13:57 | Deep Dive |