| CVE-2025-69302 | WordPress DesignThemes Core Features plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability | designthemes | DesignThemes Core Features | - | - | 2026-02-20 15:46:47 | Deep Dive |
| CVE-2025-13980 | CKEditor 5 Premium Features - Moderately critical - Access bypass - SA-CONTRIB-2025-118 | Drupal | CKEditor 5 Premium Features | - | - | 2026-01-28 20:01:17 | Deep Dive |
| CVE-2025-12379 | Shortcodes and extra features for Phlox theme <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget | averta | Shortcodes and extra features for Phlox theme | Medium | 6.4 | 2026-01-10 13:47:35 | Deep Dive |
| CVE-2025-13215 | Shortcodes and extra features for Phlox theme <= 2.17.13 - Unauthenticated Draft Posts Information Exposure | averta | Shortcodes and extra features for Phlox theme | Medium | 5.3 | 2026-01-06 06:36:26 | Deep Dive |
| CVE-2025-69016 | WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.15 - Broken Access Control vulnerability | averta | Shortcodes and extra features for Phlox theme | Medium | - | 2025-12-30 10:47:54 | Deep Dive |
| CVE-2025-63071 | WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.15 - Sensitive Data Exposure vulnerability | averta | Shortcodes and extra features for Phlox theme | - | - | 2025-12-09 14:52:36 | Deep Dive |
| CVE-2025-12497 | Premium Portfolio Features for Phlox theme <= 2.3.10 - Unauthenticated Local File Inclusion via args[extra_template_path] | averta | Premium Portfolio Features for Phlox theme | High | 8.1 | 2025-11-05 11:24:40 | Deep Dive |
| CVE-2025-12582 | Features <= 0.0.2 - Missing Authorization to Authenticated (Subscriber+) Option Reset | klicher | Features | Medium | 4.3 | 2025-11-05 02:25:53 | Deep Dive |
| CVE-2025-5678 | Kadence Blocks – Gutenberg Blocks for Page Builder Features <= 3.5.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via `redirectURL` Parameter | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2025-07-09 01:44:51 | Deep Dive |
| CVE-2025-0845 | DesignThemes Core Features <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | designthemes | DesignThemes Core Features | Medium | 6.4 | 2025-03-25 05:22:48 | Deep Dive |
| CVE-2024-13471 | DesignThemes Core Features <= 4.7 - Missing Authorization to Unauthenticated Arbitrary File Read via dt_process_imported_file | designthemes | DesignThemes Core Features | High | 7.5 | 2025-03-05 11:22:09 | Deep Dive |
| CVE-2025-1291 | Gutenberg Blocks by Kadence Blocks <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'icon' | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2025-03-01 08:23:21 | Deep Dive |
| CVE-2024-13834 | Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme <= 3.1.4 - Authenticated (Contributor+) Blind Server-Side Request Forgery via remote_request | cyberchimps | Responsive Plus – Elementor Templates & Starter Sites | Medium | 5.4 | 2025-02-15 14:21:22 | Deep Dive |
| CVE-2024-13641 | Return Refund and Exchange For WooCommerce <= 4.4.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | wpswings | Return Refund and Exchange For WooCommerce | Medium | 5.9 | 2025-02-14 05:22:44 | Deep Dive |
| CVE-2024-13692 | Return Refund and Exchange For WooCommerce <= 4.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference | wpswings | Return Refund and Exchange For WooCommerce | Medium | 5.4 | 2025-02-14 05:22:44 | Deep Dive |
| CVE-2024-50500 | WordPress Phlox Core Elements plugin <= 2.17.4 - Broken Access Control vulnerability | averta | Shortcodes and extra features for Phlox theme | Medium | 4.3 | 2025-02-03 14:23:50 | Deep Dive |
| CVE-2024-13694 | WooCommerce Wishlist <= 1.8.7 - Unauthenticated Wishlist Disclosure via download_pdf_file Function | moreconvert | MoreConvert Wishlist for WooCommerce | High | 7.5 | 2025-01-30 08:21:26 | Deep Dive |
| CVE-2024-12304 | Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.4.2 - Authenticated (contributor+) Stored Cross-Site Scripting via Button Link | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2025-01-11 03:21:03 | Deep Dive |
| CVE-2024-12588 | Shortcodes and extra features for Phlox theme <= 2.17.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Staff Widget | averta | Shortcodes and extra features for Phlox theme | Medium | 6.4 | 2024-12-21 08:24:00 | Deep Dive |
| CVE-2024-9545 | Shortcodes and extra features for Phlox theme <= 2.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes | averta | Shortcodes and extra features for Phlox theme | Medium | 6.4 | 2024-12-21 08:23:59 | Deep Dive |