| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-13898 | Simple Banner <= 3.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting | rpetersen29 | Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website | Medium | 4.4 | 2025-04-04 05:22:45 | Deep Dive |
| CVE-2025-31859 | WordPress Feedbucket – Website Feedback Tool Plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) vulnerability | Feedbucket | Feedbucket – Website Feedback Tool | Medium | 5.4 | 2025-04-01 14:52:05 | Deep Dive |
| CVE-2025-30604 | WordPress JiangQie Official Website Mini Program plugin <= 1.8.2 - SQL Injection Vulnerability | jiangqie | JiangQie Official Website Mini Program | High | 7.6 | 2025-03-24 13:47:24 | Deep Dive |
| CVE-2025-2104 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.9 - Missing Authorization to Authenticated (Contributor+) Post Publication | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 4.3 | 2025-03-13 04:21:05 | Deep Dive |
| CVE-2024-13430 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Authenticated (Contributor+) Private Post Disclosure in pagelayer_builder_posts_shortcode | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 4.3 | 2025-03-12 08:21:37 | Deep Dive |
| CVE-2025-28932 | WordPress Insert Code plugin <= 2.4 - CSRF to Stored XSS vulnerability | BCS Website Solutions | Insert Code | High | 7.1 | 2025-03-11 21:01:10 | Deep Dive |
| CVE-2025-1926 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Cross-Site Request Forgery (CSRF) To Post Contents Modification | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 4.3 | 2025-03-10 04:21:11 | Deep Dive |
| CVE-2025-2041 | s-a-zhd Ecommerce-Website-using-PHP shop.php sql injection | s-a-zhd | Ecommerce-Website-using-PHP | Medium | 6.3 | 2025-03-06 20:31:04 | Deep Dive |
| CVE-2025-2036 | s-a-zhd Ecommerce-Website-using-PHP details.php sql injection | s-a-zhd | Ecommerce-Website-using-PHP | Medium | 6.3 | 2025-03-06 18:31:05 | Deep Dive |
| CVE-2025-2035 | s-a-zhd Ecommerce-Website-using-PHP customer_register.php unrestricted upload | s-a-zhd | Ecommerce-Website-using-PHP | Medium | 6.3 | 2025-03-06 18:00:07 | Deep Dive |
| CVE-2024-9149 | SQLi in Wind Media's E-Commerce Website Template | Wind Media | E-Commerce Website Template | High | 8.6 | 2025-03-04 14:16:28 | Deep Dive |
| CVE-2025-1903 | Codezips Online Shopping Website cart_add.php sql injection | Codezips | Online Shopping Website | High | 7.3 | 2025-03-04 04:00:09 | Deep Dive |
| CVE-2025-1858 | Codezips Online Shopping Website success.php sql injection | Codezips | Online Shopping Website | High | 7.3 | 2025-03-03 08:31:04 | Deep Dive |
| CVE-2024-54444 | WordPress Elementor plugin <= 3.25.10 - Cross Site Scripting (XSS) vulnerability | Elementor | Elementor Website Builder | Medium | 6.5 | 2025-02-25 14:17:50 | Deep Dive |
| CVE-2024-13873 | WP Job Portal <= 2.2.8 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Photo Disconnection | wpjobportal | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | Medium | 4.3 | 2025-02-22 03:20:59 | Deep Dive |
| CVE-2024-13445 | Elementor Website Builder – More Than Just a Page Builder <= 3.27.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | elemntor | Elementor Website Builder – more than just a page builder | Medium | 6.4 | 2025-02-20 04:22:25 | Deep Dive |
| CVE-2024-13346 | Avada Theme <= 7.11.13 - Unauthenticated Arbitrary Shortcode Execution | ThemeFusion | Avada | Website Builder For WordPress & WooCommerce | High | 7.3 | 2025-02-13 06:58:05 | Deep Dive |
| CVE-2024-13372 | WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Arbitrary Resume Download | wpjobportal | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | Medium | 5.3 | 2025-02-01 07:21:40 | Deep Dive |
| CVE-2024-13371 | WP Job Portal <= 2.2.6 - Missing Authorization to Unauthenticated Arbitrary Email Sending | wpjobportal | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | Medium | 5.3 | 2025-02-01 07:21:40 | Deep Dive |
| CVE-2024-13428 | WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Company Logo Deletion | wpjobportal | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | Medium | 5.3 | 2025-02-01 07:21:39 | Deep Dive |