| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-32518 | WordPress Gaea theme < 3.8 - Reflected Cross Site Scripting (XSS) vulnerability | imithemes | Gaea | 中危 | - | 2026-03-25 16:15:07 | Deep Dive |
| CVE-2025-6758 | Real Spaces - WordPress Properties Directory Theme <= 3.6 - Unauthenticated Privilege Escalation to Administrator via 'imic_agent_register' | imithemes | Real Spaces - WordPress Properties Directory Theme | Critical | 9.8 | 2025-08-19 06:45:27 | Deep Dive |
| CVE-2025-8218 | Real Spaces - WordPress Properties Directory Theme <= 3.5 - Authenticated (Subscriber+) Privilege Escalation to Administrator via 'change_role_member' | imithemes | Real Spaces - WordPress Properties Directory Theme | High | 8.8 | 2025-08-19 06:45:27 | Deep Dive |
| CVE-2025-39483 | WordPress Eventer plugin < 3.9.9.1 - Content Injection vulnerability | imithemes | Eventer | Medium | 6.5 | 2025-08-14 10:34:27 | Deep Dive |
| CVE-2025-39481 | WordPress Eventer plugin < 3.11.4 - SQL Injection vulnerability | imithemes | Eventer | Critical | 9.3 | 2025-05-16 15:45:27 | Deep Dive |
| CVE-2025-39482 | WordPress Eventer plugin < 3.11.4 - Broken Access Control vulnerability | imithemes | Eventer | Medium | 4.3 | 2025-05-16 15:45:27 | Deep Dive |
| CVE-2025-2253 | IMITHEMES Listing <= 3.3 - Unauthenticated Privilege Escalation via Unverified Password Reset | imithemes | IMITHEMES Listing | Critical | 9.8 | 2025-05-09 06:42:35 | Deep Dive |
| CVE-2025-0959 | Eventer - WordPress Event & Booking Manager Plugin <= 3.9.9.2 - Authenticated (Subscriber+) SQL Injection via reg_id | imithemes | Eventer - WordPress Event & Booking Manager Plugin | High | 8.8 | 2025-03-07 08:21:27 | Deep Dive |
| CVE-2025-22635 | WordPress Eventer - WordPress Event & Booking Manager Plugin plugin < 3.9.9 - Reflected Cross Site Scripting (XSS) vulnerability | imithemes | Eventer | High | 7.1 | 2025-02-23 22:55:07 | Deep Dive |
| CVE-2024-11132 | Eventer <= 3.9.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | imithemes | Eventer - WordPress Event & Booking Manager Plugin | Medium | 6.4 | 2025-02-03 19:22:49 | Deep Dive |
| CVE-2024-11134 | Eventer <= 3.9.9 - Missing Authorization to Authenticated (Subscriber+) Bookings Export | imithemes | Eventer - WordPress Event & Booking Manager Plugin | Medium | 4.3 | 2025-02-03 19:22:49 | Deep Dive |
| CVE-2024-11133 | Eventer <= 3.9.9.5 - Missing Authorization to Unauthenticated Event Ticket Download | imithemes | Eventer - WordPress Event & Booking Manager Plugin | Medium | 5.3 | 2025-02-03 19:22:44 | Deep Dive |
| CVE-2024-11135 | Eventer <= 3.9.8 - Unauthenticated SQL Injection via eventer_get_attendees | imithemes | Eventer - WordPress Event & Booking Manager Plugin | High | 7.5 | 2025-01-28 04:21:33 | Deep Dive |
| CVE-2024-10799 | Eventer <= 3.9.7 - Authenticated (Subscriber+) Arbitrary File Read | imithemes | Eventer - WordPress Event & Booking Manager Plugin | Medium | 6.5 | 2025-01-17 05:29:28 | Deep Dive |