| CVE-2026-2509 | Page Builder: Pagelayer <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 6.4 | 2026-04-08 13:26:00 | Deep Dive |
| CVE-2026-39469 | WordPress PageLayer plugin <= 2.0.8 - Sensitive Data Exposure vulnerability | Softaculous | PageLayer | - | - | 2026-04-08 08:30:08 | Deep Dive |
| CVE-2026-2442 | Pagelayer <= 2.0.7 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via 'email' | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 5.3 | 2026-03-28 09:27:10 | Deep Dive |
| CVE-2025-13085 | SiteSEO – SEO Simplified <= 1.3.2 - Insecure Direct Object Reference to Sensitive Post Meta Disclosure | softaculous | SiteSEO – SEO Simplified | Medium | 4.3 | 2025-11-19 06:45:25 | Deep Dive |
| CVE-2025-12814 | SiteSEO – SEO Simplified <= 1.3.2 - Improper Authorization to Authenticated Settings Reset | softaculous | SiteSEO – SEO Simplified | Medium | 5.3 | 2025-11-19 05:45:16 | Deep Dive |
| CVE-2025-12366 | Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.5 - Authenticated (Author+) Insecure Direct Object Reference | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 4.3 | 2025-11-13 03:27:37 | Deep Dive |
| CVE-2025-12367 | SiteSEO – SEO Simplified <= 1.3.1 - Missing Authorization to Authenticated (Author+) Plugin Settings Update | softaculous | SiteSEO – SEO Simplified | Medium | 4.3 | 2025-11-01 03:34:36 | Deep Dive |
| CVE-2025-10307 | Backuply – Backup, Restore, Migrate and Clone <= 1.4.8 - Authenticated (Admin+) Arbitrary File Deletion | softaculous | Backuply – Backup, Restore, Migrate and Clone | Medium | 6.5 | 2025-09-26 06:43:28 | Deep Dive |
| CVE-2025-9277 | SiteSEO – SEO Simplified <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Broken Regex Expression | softaculous | SiteSEO – SEO Simplified | Medium | 6.4 | 2025-08-26 22:26:51 | Deep Dive |
| CVE-2025-4223 | Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Reflected Cross-Site Scripting via login_url Parameter | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 4.7 | 2025-05-24 04:25:19 | Deep Dive |
| CVE-2024-13427 | Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Link | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 6.4 | 2025-05-24 01:41:10 | Deep Dive |
| CVE-2025-2104 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.9 - Missing Authorization to Authenticated (Contributor+) Post Publication | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 4.3 | 2025-03-13 04:21:05 | Deep Dive |
| CVE-2024-13430 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Authenticated (Contributor+) Private Post Disclosure in pagelayer_builder_posts_shortcode | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 4.3 | 2025-03-12 08:21:37 | Deep Dive |
| CVE-2025-1926 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Cross-Site Request Forgery (CSRF) To Post Contents Modification | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 4.3 | 2025-03-10 04:21:11 | Deep Dive |
| CVE-2025-24573 | WordPress Pagelayer plugin <= 1.9.4 - Cross Site Scripting (XSS) vulnerability | Softaculous | PageLayer | Medium | 6.5 | 2025-01-24 17:24:24 | Deep Dive |
| CVE-2023-49196 | WordPress Pagelayer plugin <= 1.7.7 - Broken Access Control vulnerability | Softaculous | PageLayer | Medium | 4.3 | 2024-12-09 11:30:17 | Deep Dive |
| CVE-2024-11010 | FileOrganizer <= 1.1.4 - Authenticated (Administrator+) Local JavaScript File Inclusion | softaculous | FileOrganizer – WordPress File Manager | High | 7.2 | 2024-12-07 09:27:06 | Deep Dive |
| CVE-2024-10097 | Loginizer Security and Loginizer <= 1.9.2 - Authentication Bypass via WordPress.com OAuth provider | Softaculous | Loginizer Security | High | 8.1 | 2024-11-05 06:42:47 | Deep Dive |
| CVE-2024-7985 | FileOrganizer <= 1.0.9 - Authenticated (Subscriber+) Arbitrary File Upload | softaculous | FileOrganizer – WordPress File Manager | High | 7.5 | 2024-10-29 15:31:55 | Deep Dive |
| CVE-2024-8669 | Backuply – Backup, Restore, Migrate and Clone <= 1.3.4 - Authenticated (Admin+) SQL Injection | softaculous | Backuply – Backup, Restore, Migrate and Clone | Critical | 9.1 | 2024-09-14 03:30:06 | Deep Dive |