| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-2028 | Maxi Blocks <= 2.1.8 - Missing Authorization to Authenticated (Author+) Media File Deletion via 'old_media_src' Parameter | ckp267 | MaxiBlocks Builder \| 17,000+ Design Assets, Patterns, Icons & Starter Sites | Medium | 5.3 | 2026-04-24 03:27:07 | Deep Dive |
| CVE-2026-1913 | Gallagher Website Design <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'prefix' Shortcode Attribute | gallagherwebsitedesign | Gallagher Website Design | Medium | 6.4 | 2026-04-22 09:27:21 | Deep Dive |
| CVE-2025-15636 | WordPress YouTube Showcase plugin <= 3.5.1 - Cross Site Scripting (XSS) vulnerability | emarket-design | YouTube Showcase | Medium | 6.5 | 2026-04-15 15:55:52 | Deep Dive |
| CVE-2026-25383 | WordPress KiviCare plugin <= 3.6.16 - Reflected Cross Site Scripting (XSS) vulnerability | Iqonic Design | KiviCare | High | 7.1 | 2026-03-25 16:14:47 | Deep Dive |
| CVE-2026-25034 | WordPress KiviCare plugin <= 3.6.16 - Broken Access Control vulnerability | Iqonic Design | KiviCare | Medium | 6.5 | 2026-03-25 16:14:39 | Deep Dive |
| CVE-2025-12518 | Stored XSS in beefree.io | Bee Content Design | Befree SDK | Medium | - | 2026-03-18 11:03:28 | Deep Dive |
| CVE-2025-8668 | Reflected XSS in E-Kalite Software Hardware Engineering's Turboard | E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. | Turboard | Critical | 9.4 | 2026-02-11 13:34:33 | Deep Dive |
| CVE-2026-25022 | WordPress KiviCare plugin <= 3.6.16 - SQL Injection vulnerability | Iqonic Design | KiviCare | - | - | 2026-02-03 14:08:41 | Deep Dive |
| CVE-2025-6397 | XSS in Ankara Hosting's web site | Ankara Hosting Website Design | Website Software | High | 8.6 | 2026-02-03 12:15:05 | Deep Dive |
| CVE-2025-7714 | Time Based SQLi in Global Medya's PHP CMS | Global Interactive Design Media Software Inc. | Content Management System (CMS) | High | 7.5 | 2026-01-29 14:44:12 | Deep Dive |
| CVE-2025-7713 | Reflected XSS in Global Medya's PHP CMS | Global Interactive Design Media Software Inc. | Content Management System (CMS) | High | 7.5 | 2026-01-29 14:38:41 | Deep Dive |
| CVE-2026-24630 | WordPress Stylish Cost Calculator plugin <= 8.2.9 - Cross Site Scripting (XSS) vulnerability | Design | Stylish Cost Calculator | Medium | 6.5 | 2026-01-23 14:29:08 | Deep Dive |
| CVE-2026-24544 | WordPress HD Quiz plugin <= 2.0.9 - Broken Access Control vulnerability | Harmonic Design | HD Quiz | Medium | - | 2026-01-23 14:28:53 | Deep Dive |
| CVE-2025-68912 | WordPress HDForms plugin <= 1.6.1 - Arbitrary File Deletion vulnerability | Harmonic Design | HDForms | High | 8.6 | 2026-01-22 16:52:15 | Deep Dive |
| CVE-2025-40805 | Siemens Industrial Edge Devices security vulnerability | Siemens | Industrial Edge Cloud Device (IECD) | Critical | 10.0 | 2026-01-13 09:44:03 | Deep Dive |
| CVE-2025-23705 | WordPress Zielke Design Project Gallery plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnerability | Terry Zielke | Zielke Design Project Gallery | High | 7.1 | 2025-12-31 19:55:23 | Deep Dive |
| CVE-2025-62757 | WordPress WebMan Amplifier plugin <= 1.5.12 - Cross Site Scripting (XSS) vulnerability | WebMan Design \| Oliver Juhas | WebMan Amplifier | Medium | 6.5 | 2025-12-31 11:53:13 | Deep Dive |
| CVE-2025-67632 | WordPress Google AdSense for Responsive Design – GARD plugin <= 2.23 - Cross Site Scripting (XSS) vulnerability | The Plugin Factory | Google AdSense for Responsive Design – GARD | Medium | 5.9 | 2025-12-24 13:10:24 | Deep Dive |
| CVE-2025-10021 | Open Design Alliance Drawings SDK security vulnerability | Open Design Alliance | ODA Drawings SDK - All Versions < 2026.12 | - | - | 2025-12-22 15:48:07 | Deep Dive |
| CVE-2025-49902 | WordPress Login Page Customizer – Customizer Login Page, Admin Page, Custom Design plugin <= 2.1.1 - Broken Access Control vulnerability | A WP Life | Login Page Customizer – Customizer Login Page, Admin Page, Custom Design | Medium | 6.5 | 2025-12-18 07:21:44 | Deep Dive |