| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-13687 | Team Builder – Meet the Team <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update | labibahmed42 | Team Builder – Meet the Team | Medium | 4.3 | 2025-02-18 04:21:18 | Deep Dive |
| CVE-2024-13500 | WP Project Manager <= 2.6.17 - Authenticated (Subscriber+) SQL Injection via orderby Parameter | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 6.5 | 2025-02-15 11:26:48 | Deep Dive |
| CVE-2024-13439 | Team – Team Members Showcase Plugin <= 4.4.9 - Missing Authorization to Authenticated (Subscriber+) Settings Update | techlabpro1 | Team – Team Members Showcase Plugin | Medium | 4.3 | 2025-02-15 11:26:48 | Deep Dive |
| CVE-2024-13752 | WP Project Manager <= 2.6.17 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 6.5 | 2025-02-15 09:24:24 | Deep Dive |
| CVE-2025-24617 | WordPress AcyMailing Plugin < 9.11.1 - Reflected Cross Site Scripting (XSS) vulnerability | AcyMailing Newsletter Team | AcyMailing SMTP Newsletter | High | 7.1 | 2025-02-14 12:44:35 | Deep Dive |
| CVE-2025-24565 | WordPress WP2LEADS plugin <= 3.3.3 - Reflected Cross Site Scripting (XSS) vulnerability | Saleswonder Team: Tobias | WP2LEADS | High | 7.1 | 2025-02-14 12:44:34 | Deep Dive |
| CVE-2025-25202 | Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install` | team-alembic | ash_authentication | Medium | - | 2025-02-11 18:28:19 | Deep Dive |
| CVE-2025-22695 | WordPress Nirweb support plugin <= 3.0.3 - Broken Access Control vulnerability | NirWp Team | Nirweb support | Medium | 4.3 | 2025-02-03 14:23:53 | Deep Dive |
| CVE-2025-23920 | WordPress ApplicantPro Plugin <= 1.3.9 - Reflected Cross Site Scripting (XSS) vulnerability | Sourcing Team | ApplicantPro | High | 7.1 | 2025-02-03 14:22:45 | Deep Dive |
| CVE-2024-12320 | Team Rosters <= 4.7 - Reflected Cross-Site Scripting via 'tab' | markodonnell | Team Rosters | Medium | 6.1 | 2025-01-30 13:42:01 | Deep Dive |
| CVE-2025-24671 | WordPress Save as PDF Plugin by Pdfcrowd Plugin <= 4.4.0 - PHP Object Injection vulnerability | Pdfcrowd Dev Team | Save as PDF | Critical | 9.8 | 2025-01-27 14:22:17 | Deep Dive |
| CVE-2025-24591 | WordPress GDPR CCPA Compliance & Cookie Consent Banner plugin <= 2.7.1 - Broken Access Control vulnerability | Ninja Team | GDPR CCPA Compliance Support | Medium | 4.3 | 2025-01-24 17:24:18 | Deep Dive |
| CVE-2025-23427 | WordPress Redux Converter plugin <= 1.1.3.1 - Reflected Cross Site Scripting (XSS) vulnerability | David Anderson / Team Updraft | Redux Converter | High | 7.1 | 2025-01-24 10:52:55 | Deep Dive |
| CVE-2025-23874 | WordPress WP Block Pack plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability | FalconTheme Team | WP Block Pack | High | 7.1 | 2025-01-22 14:29:23 | Deep Dive |
| CVE-2025-23512 | WordPress Team 118GROUP Agent plugin <= 1.6.0 - Arbitrary Content Deletion vulnerability | 118group | Team 118GROUP Agent | High | 7.5 | 2025-01-22 14:29:14 | Deep Dive |
| CVE-2024-56065 | WordPress WP2LEADS Plugin <= 3.4.2 - Reflected Cross Site Scripting (XSS) vulnerability | Saleswonder Team: Tobias | WP2LEADS | High | 7.1 | 2025-01-13 13:11:38 | Deep Dive |
| CVE-2024-12532 | BWD Elementor Addons <= 4.3.18 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates | bestwpdeveloper | BWD Elementor Addons | Medium | 4.3 | 2025-01-07 11:11:12 | Deep Dive |
| CVE-2024-12633 | JoomSport <= 5.6.17 - Reflected Cross-Site Scripting via page | beardev | JoomSport – for Sports: Team & League, Football, Hockey & more | High | 7.1 | 2025-01-07 05:23:57 | Deep Dive |
| CVE-2024-12195 | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.16 - Authenticated (Subscriber+) SQL Injection | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 6.5 | 2025-01-04 11:24:20 | Deep Dive |
| CVE-2024-56018 | WordPress BU Section Editing Plugin <= 0.9.9 - Reflected Cross Site Scripting (XSS) vulnerability | BU Web Team | BU Section Editing | High | 7.1 | 2025-01-02 12:01:11 | Deep Dive |