| CVE-2026-6293 | Inquiry form to posts or pages <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inq_header' Parameter | udamadu | Inquiry form to posts or pages | Medium | 4.3 | 2026-04-15 06:46:19 | Deep Dive |
| CVE-2026-3618 | Columns by BestWebSoft <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'columns' Shortcode 'id' Attribute | bestweblayout | Columns by BestWebSoft – Additional Columns Plugin for Posts Pages and Widgets | Medium | 6.4 | 2026-04-08 06:43:42 | Deep Dive |
| CVE-2026-5169 | Inquiry form to posts or pages <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Form Header Field | udamadu | Inquiry form to posts or pages | Medium | 4.4 | 2026-04-08 06:43:39 | Deep Dive |
| CVE-2026-2294 | UiPress lite \| Effortless custom dashboards, admin themes and pages <= 3.5.09 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update | admintwentytwenty | UiPress lite \| Effortless custom dashboards, admin themes and pages | Medium | 4.3 | 2026-03-21 03:26:48 | Deep Dive |
| CVE-2026-1883 | Wicked Folders <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion | wickedplugins | Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types | Medium | 4.3 | 2026-03-15 01:19:06 | Deep Dive |
| CVE-2026-1086 | Font Pairing Preview For Landing Pages <= 1.3 - Cross-Site Request Forgery to Settings Update | wpsolutions | Font Pairing Preview For Landing Pages | Medium | 4.3 | 2026-03-07 07:22:09 | Deep Dive |
| CVE-2025-67974 | WordPress WPLegalPages plugin <= 3.5.4 - Broken Access Control vulnerability | WP Legal Pages | WPLegalPages | High | 7.5 | 2026-02-20 15:46:30 | Deep Dive |
| CVE-2026-24328 | Open Redirection vulnerability in Business Server Pages Application (TAF_APPLAUNCHER) | SAP_SE | Business Server Pages Application (TAF_APPLAUNCHER) | Medium | 6.1 | 2026-02-10 03:04:55 | Deep Dive |
| CVE-2025-46316 | Security vulnerability in multiple Apple products | Apple | Pages | - | - | 2026-01-28 17:26:19 | Deep Dive |
| CVE-2025-14865 | Passster – Password Protect Pages and Content <= 4.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | wpchill | Passster – Password Protect Pages and Content | Medium | 6.4 | 2026-01-28 12:28:37 | Deep Dive |
| CVE-2025-49055 | WordPress WP Lead Capturing Pages plugin <= 2.5 - SQL Injection vulnerability | kamleshyadav | WP Lead Capturing Pages | Critical | 9.3 | 2026-01-22 16:51:43 | Deep Dive |
| CVE-2025-49050 | WordPress WP Lead Capturing Pages plugin <= 2.5 - SQL Injection vulnerability | kamleshyadav | WP Lead Capturing Pages | High | 8.5 | 2026-01-22 16:51:42 | Deep Dive |
| CVE-2026-0497 | Missing Authorization check in Business Server Pages Application (Product Designer Web UI) | SAP_SE | Business Server Pages Application (Product Designer Web UI) | Medium | 4.3 | 2026-01-13 01:13:36 | Deep Dive |
| CVE-2026-0627 | AMP for WP <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG File Upload | mohammed_kaludi | AMP for WP – Accelerated Mobile Pages | Medium | 6.4 | 2026-01-09 08:20:46 | Deep Dive |
| CVE-2025-12640 | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager <= 3.1.5 - Missing Authorization to Authenticated (Author+) Media Replacement | premio | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager | Medium | 4.3 | 2026-01-08 02:21:17 | Deep Dive |
| CVE-2025-14110 | WP Js List Pages Shortcodes <= 1.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute | pichel | WP Js List Pages Shortcodes | Medium | 6.4 | 2026-01-07 09:20:55 | Deep Dive |
| CVE-2025-13496 | Moosend Landing Pages <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Option Deletion | moosend | Moosend Landing Pages | Medium | 5.3 | 2026-01-07 08:21:56 | Deep Dive |
| CVE-2025-14468 | AMP for WP – Accelerated Mobile Pages <= 1.1.9 - Cross-Site Request Forgery to Comment Submission | mohammed_kaludi | AMP for WP – Accelerated Mobile Pages | Medium | 4.3 | 2026-01-07 04:32:04 | Deep Dive |
| CVE-2025-66080 | WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin <= 4.0.3 - Broken Access Control vulnerability | WP Legal Pages | WP Cookie Notice for GDPR, CCPA & ePrivacy Consent | Medium | 5.3 | 2025-12-30 16:10:41 | Deep Dive |
| CVE-2025-66133 | WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin <= 4.0.7 - Broken Access Control vulnerability | WP Legal Pages | WP Cookie Notice for GDPR, CCPA & ePrivacy Consent | Medium | 5.3 | 2025-12-16 08:12:55 | Deep Dive |