| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-14002 | WPCOM Member <= 1.7.16 - Authentication Bypass via Weak OTP | whyun | WPCOM Member | High | 8.1 | 2025-12-16 09:20:10 | Deep Dive |
| CVE-2025-11920 | WPCOM Member <= 1.7.14 - Authenticated (Contributor+) Local File Inclusion via Shortcode | whyun | WPCOM Member | High | 8.8 | 2025-11-01 01:47:41 | Deep Dive |
| CVE-2025-39570 | WordPress WPCOM Member plugin <= 1.7.7 - Local File Inclusion Vulnerability | Lomu | WPCOM Member | High | 8.8 | 2025-04-16 12:44:30 | Deep Dive |
| CVE-2025-2221 | WPCOM Member <= 1.7.6 - Unauthenticated Time-Based SQL Injection | whyun | WPCOM Member | High | 7.5 | 2025-03-14 06:43:18 | Deep Dive |
| CVE-2025-1475 | WPCOM Member <= 1.7.5 - Authentication Bypass via 'user_phone' | whyun | WPCOM Member | Critical | 9.8 | 2025-03-07 06:40:02 | Deep Dive |
| CVE-2024-47378 | WordPress WPCOM Member plugin <= 1.5.4 - Reflected Cross Site Scripting (XSS) vulnerability | Lomu | WPCOM Member | High | 7.1 | 2024-10-05 15:10:28 | Deep Dive |
| CVE-2024-7493 | WPCOM Member <= 1.5.2.1 - Unauthenticated Privilege Escalation via User Meta | whyun | WPCOM Member | Critical | 9.8 | 2024-09-06 13:55:20 | Deep Dive |