| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-3863 | Post Carousel Slider for Elementor <= 1.6.0 - Authenticated (Subscriber+) Missing Authorization via process_wbelps_promo_form Function | plugindevs | Post Carousel Slider for Elementor | Medium | 4.3 | 2025-06-26 02:06:32 | Deep Dive |
| CVE-2025-52784 | WordPress Bluff Post plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability | hideoguchi | Bluff Post | High | 7.1 | 2025-06-20 15:03:44 | Deep Dive |
| CVE-2025-52711 | WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.8 - Cross Site Request Forgery (CSRF) Vulnerability | BoldGrid | Post and Page Builder by BoldGrid | Medium | 4.3 | 2025-06-20 15:03:36 | Deep Dive |
| CVE-2025-52713 | WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.8 - Server Side Request Forgery (SSRF) Vulnerability | BoldGrid | Post and Page Builder by BoldGrid | Medium | 6.4 | 2025-06-20 15:03:36 | Deep Dive |
| CVE-2025-5125 | Custom Post Carousels with Owl < 1.4.12 - Contributor+ Stored XSS | Unknown | Custom Post Carousels with Owl | - | - | 2025-06-20 06:00:12 | Deep Dive |
| CVE-2025-49451 | WordPress Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery plugin <= 1.0.13 - Directory Traversal Vulnerability | yannisraft | Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery | High | 7.5 | 2025-06-17 15:01:42 | Deep Dive |
| CVE-2025-49312 | WordPress Echo RSS Feed Post Generator Plugin for WordPress plugin <= 5.4.8.1 - Reflected Cross Site Scripting (XSS) vulnerability | CodeRevolution | Echo RSS Feed Post Generator Plugin for WordPress | High | 7.1 | 2025-06-17 15:01:24 | Deep Dive |
| CVE-2025-5673 | Blog2Social <= 8.4.4 - Authenticated (Subscriber+) SQL Injection via `prgSortPostType` Parameter | pr-gateway | Blog2Social: Social Media Auto Post & Scheduler | Medium | 6.5 | 2025-06-17 01:44:11 | Deep Dive |
| CVE-2025-4577 | Smash Balloon Custom Facebook Feed <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-color` Attribute | smub | Smash Balloon Social Post Feed – Simple Social Feeds for WordPress | Medium | 6.4 | 2025-06-10 11:22:53 | Deep Dive |
| CVE-2025-4840 | Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection | Unknown | inprosysmedia-likes-dislikes-post | - | - | 2025-06-10 06:00:08 | Deep Dive |
| CVE-2023-26003 | WordPress WP Post Corrector plugin <= 1.0.2 - SQL Injection Vulnerability | vipul Jariwala | WP Post Corrector | High | 7.6 | 2025-06-06 12:54:42 | Deep Dive |
| CVE-2025-28950 | WordPress Post Author plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability | David Shabtai | Post Author | High | 7.1 | 2025-06-06 12:54:35 | Deep Dive |
| CVE-2025-29013 | WordPress Custom Category/Post Type Post order plugin <= 1.6.0 - Broken Access Control Vulnerability | faaiq | Custom Category/Post Type Post order | Medium | 5.4 | 2025-06-06 12:54:25 | Deep Dive |
| CVE-2025-30942 | WordPress Post Custom Templates Lite plugin <= 1.14 - Cross Site Scripting (XSS) Vulnerability | OTWthemes | Post Custom Templates Lite | Medium | 5.9 | 2025-06-06 12:54:14 | Deep Dive |
| CVE-2025-30974 | WordPress Post Grid Master plugin <= 3.4.17 - Broken Access Control vulnerability | Akhtarujjaman Shuvo | Post Grid Master | Medium | 4.3 | 2025-06-06 12:54:08 | Deep Dive |
| CVE-2025-30968 | WordPress Advanced Post List plugin <= 0.5.6.2 - Cross Site Request Forgery (CSRF) Vulnerability | jokerbr313 | Advanced Post List | Medium | 5.4 | 2025-06-06 12:54:08 | Deep Dive |
| CVE-2025-49298 | WordPress Event post plugin <= 5.10.1 - Cross Site Scripting (XSS) Vulnerability | Bastien Ho | Event post | Medium | 6.5 | 2025-06-06 12:53:47 | Deep Dive |
| CVE-2025-49294 | WordPress Crawlomatic Multisite Scraper Post Generator plugin <= 2.6.8.2 - Sensitive Data Exposure via Log Exposure vulnerability | CodeRevolution | Crawlomatic Multisite Scraper Post Generator | Medium | 5.3 | 2025-06-06 12:53:46 | Deep Dive |
| CVE-2025-49293 | WordPress Crawlomatic Multisite Scraper Post Generator plugin <= 2.6.8.2 - Broken Access Control Vulnerability | CodeRevolution | Crawlomatic Multisite Scraper Post Generator | Medium | 4.3 | 2025-06-06 12:53:46 | Deep Dive |
| CVE-2025-4567 | Post Slider and Carousel with Widget < 3.2.10 - Admin+ Stored XSS | Unknown | Post Slider and Post Carousel with Post Vertical Scrolling Widget | - | - | 2025-06-03 06:00:18 | Deep Dive |