| CVE-2026-6601 | Lagom WHMCS Template Datatables resource consumption | Lagom | WHMCS Template | Medium | 4.3 | 2026-04-20 03:30:15 | Deep Dive |
| CVE-2026-3498 | BlockArt Blocks <= 2.2.15 - Authenticated (Author+) Stored Cross-Site Scripting via 'clientId' Block Attribute | wpblockart | BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library | Medium | 6.4 | 2026-04-11 01:24:59 | Deep Dive |
| CVE-2026-34481 | Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout | Apache Software Foundation | Apache Log4j JSON Template Layout | 中危 | - | 2026-04-10 15:43:00 | Deep Dive |
| CVE-2026-32289 | JsBraceDepth Context Tracking Bugs (XSS) in html/template | Go standard library | html/template | - | - | 2026-04-08 01:06:56 | Deep Dive |
| CVE-2026-4800 | lodash vulnerable to Code Injection via `_.template` imports key names | lodash | lodash | High | 8.1 | 2026-03-31 19:25:56 | Deep Dive |
| CVE-2026-4239 | Lagom WHMCS Template Datatables prototype pollution | Lagom | WHMCS Template | Low | 3.5 | 2026-03-16 13:02:09 | Deep Dive |
| CVE-2026-27142 | URLs in meta content attribute actions are not escaped in html/template | Go standard library | html/template | 中危 | - | 2026-03-06 21:28:15 | Deep Dive |
| CVE-2026-21628 | Extension - astroidframe.work - Unauthenticated Remote Code Execution in Astroid Framework 2.0.0 - 3.3.10 for Joomla | astroidframe.work | Astroid Template Framework | 中危 | - | 2026-03-05 09:24:48 | Deep Dive |
| CVE-2026-22350 | WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 6.3.1 - Broken Access Control vulnerability | add-ons.org | PDF for Elementor Forms + Drag And Drop Template Builder | Medium | 6.5 | 2026-02-20 15:47:01 | Deep Dive |
| CVE-2025-69390 | WordPress Business Template Blocks for WPBakery (Visual Composer) Page Builder plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerability | themebon | Business Template Blocks for WPBakery (Visual Composer) Page Builder | - | - | 2026-02-20 15:46:55 | Deep Dive |
| CVE-2025-14283 | BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library <= 2.2.14 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpblockart | BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library | Medium | 6.4 | 2026-01-28 11:23:41 | Deep Dive |
| CVE-2026-24386 | WordPress Element Invader – Template Kits for Elementor plugin <= 1.2.4 - Broken Access Control vulnerability | Element Invader | Element Invader – Template Kits for Elementor | Medium | 4.3 | 2026-01-22 16:52:47 | Deep Dive |
| CVE-2026-0831 | Templately <= 3.4.8 - Unauthenticated Limited Arbitrary JSON File Write | wpdevteam | Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud! | Medium | 5.3 | 2026-01-10 09:22:18 | Deep Dive |
| CVE-2025-68607 | WordPress Custom Field Template plugin <= 2.7.7 - Cross Site Scripting (XSS) vulnerability | Hiroaki Miyashita | Custom Field Template | Medium | 6.5 | 2025-12-29 21:10:51 | Deep Dive |
| CVE-2025-62926 | WordPress TempTool [Show Current Template Info] plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability | HappyDevs | TempTool [Show Current Template Info] | Medium | 6.5 | 2025-12-21 21:10:00 | Deep Dive |
| CVE-2025-62955 | WordPress TempTool [Show Current Template Info] plugin <= 1.3.1 - Sensitive Data Exposure vulnerability | HappyDevs | TempTool [Show Current Template Info] | Medium | 4.3 | 2025-12-21 21:06:31 | Deep Dive |
| CVE-2025-60084 | WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 6.5.0 - PHP Object Injection vulnerability | add-ons.org | PDF for Elementor Forms + Drag And Drop Template Builder | High | 8.8 | 2025-12-18 07:22:08 | Deep Dive |
| CVE-2025-60080 | WordPress PDF for Gravity Forms + Drag And Drop Template Builder plugin <= 6.5.0 - PHP Object Injection vulnerability | add-ons.org | PDF for Gravity Forms + Drag And Drop Template Builder | - | - | 2025-12-18 07:22:07 | Deep Dive |
| CVE-2025-8687 | Enter Addons <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown and Image Comparison Widgets | themelooks | Enter Addons – Ultimate Template Builder for Elementor | Medium | 6.4 | 2025-12-13 08:21:15 | Deep Dive |
| CVE-2025-14050 | Design Import/Export <= 2.2 - Authenticated (Administrator+) SQL Injection via XML File Import | uxl | Design Import/Export – Styles, Templates, Template Parts and Patterns | Medium | 4.9 | 2025-12-13 03:20:27 | Deep Dive |