| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-13770 | Puzzles | WP Magazine / Review with Store WordPress Theme + RTL <= 4.2.4 - Unauthenticated PHP Object Injection | ThemeREX | Puzzles | WP Magazine / Review with Store WordPress Theme + RTL | High | 8.1 | 2025-02-13 04:21:47 | Deep Dive |
| CVE-2025-0837 | Puzzles <= 4.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | ThemeREX | Puzzles | WP Magazine / Review with Store WordPress Theme + RTL | Medium | 6.4 | 2025-02-13 04:21:46 | Deep Dive |
| CVE-2024-13769 | Puzzles | WP Magazine / Review with Store WordPress Theme + RTL <= 4.2.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | ThemeREX | Puzzles | WP Magazine / Review with Store WordPress Theme + RTL | Medium | 6.4 | 2025-02-12 04:22:14 | Deep Dive |
| CVE-2024-13448 | ThemeREX Addons <= 2.32.3 - Unauthenticated Arbitrary File Upload in trx_addons_uploads_save_data | ThemeREX | ThemeREX Addons | Critical | 9.8 | 2025-01-28 06:38:42 | Deep Dive |
| CVE-2025-0682 | ThemeREX Addons <= 2.33.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode | ThemeREX | ThemeREX Addons | High | 8.8 | 2025-01-25 05:30:06 | Deep Dive |
| CVE-2024-6297 | Several WordPress.org Plugins <= Various Versions - Injected Backdoor | warfareplugins | Social Sharing Plugin – Social Warfare | Critical | 10.0 | 2024-06-25 03:30:38 | Deep Dive |