| CVE-2025-1404 | Secure Copy Content Protection and Content Locking <= 4.4.7 - Missing Authorization to Unauthenticated User Email Retrieval via ays_sccp_reports_user_search Function | ays-pro | Secure Copy Content Protection and Content Locking | Medium | 5.3 | 2025-03-01 11:22:48 | Deep Dive |
| CVE-2024-10152 | Simple Certain Time to Show Content < 1.3.1 - Reflected XSS | Unknown | Simple Certain Time to Show Content | 高危 | - | 2025-02-26 06:00:03 | Deep Dive |
| CVE-2025-26881 | WordPress Sticky Content plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | bPlugins | Sticky Content | Medium | 6.5 | 2025-02-25 14:17:52 | Deep Dive |
| CVE-2025-27311 | WordPress Bulk Content Creator Plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability | luk3thomas | Bulk Content Creator | Medium | 4.3 | 2025-02-24 14:48:58 | Deep Dive |
| CVE-2024-12038 | Frontend Content Forms for User Submissions (UGC) <= 2.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | Medium | 6.4 | 2025-02-22 04:21:17 | Deep Dive |
| CVE-2024-12276 | Ultimate Member <= 2.9.2 - Authenticated SQL Injection | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 5.3 | 2025-02-21 09:21:06 | Deep Dive |
| CVE-2024-13818 | Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction <= 3.8.4 - Sensitive Information Exposure via Log Files | genetechproducts | Pie Register – User Registration, Profiles & Content Restriction | Medium | 5.3 | 2025-02-21 03:21:21 | Deep Dive |
| CVE-2024-13672 | Mini Course Generator | Embed mini-courses and interactive content <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | minicoursegenerator | Mini Course Generator | Embed mini-courses and interactive content | Medium | 6.4 | 2025-02-21 03:21:21 | Deep Dive |
| CVE-2024-6432 | Content Blocks (Custom Post Widget) <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter | vanderwijk | Content Blocks (Custom Post Widget) | Medium | 6.4 | 2025-02-20 09:21:37 | Deep Dive |
| CVE-2024-13674 | Cosmic Blocks (40+) Content Editor Blocks Collection <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | berginformatik | Cosmic Blocks (40+) Content Editor Blocks Collection | Medium | 6.4 | 2025-02-19 07:32:09 | Deep Dive |
| CVE-2024-11376 | s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions <= 241216 - Reflected Cross-Site Scripting | clavaque | s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions | Medium | 6.1 | 2025-02-18 07:28:12 | Deep Dive |
| CVE-2025-26759 | WordPress Content Snippet Manager plugin <= 1.1.5 - CSRF to Stored XSS vulnerability | alexvtn | Content Snippet Manager | High | 7.1 | 2025-02-16 22:17:18 | Deep Dive |
| CVE-2025-23652 | WordPress Add custom content after post plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | Fabio Zuanon | Add custom content after post | High | 7.1 | 2025-02-14 12:44:31 | Deep Dive |
| CVE-2024-13121 | Paid Membership Plugin < 4.15.20 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | 中危 | - | 2025-02-13 06:00:12 | Deep Dive |
| CVE-2024-13120 | ProfilePress < 4.15.20 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | 中危 | - | 2025-02-13 06:00:12 | Deep Dive |
| CVE-2024-13119 | ProfilePress < 4.15.20 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | 中危 | - | 2025-02-13 06:00:06 | Deep Dive |
| CVE-2024-8125 | A remote code vulnerability has been discovered in OpenText™ Content Management. | OpenText™ | Content Management (Extended ECM) | 中危 | - | 2025-02-04 21:27:28 | Deep Dive |
| CVE-2025-23645 | WordPress Find Content IDs plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | Optimize Worldwide | Find Content IDs | High | 7.1 | 2025-02-04 14:21:14 | Deep Dive |
| CVE-2025-22681 | WordPress Content Cloner plugin <= 1.0.1 - Broken Access Control vulnerability | Xfinitysoft | Content Cloner | Medium | 4.3 | 2025-02-03 14:23:51 | Deep Dive |
| CVE-2024-12037 | Frontend Content Forms for User Submissions (UGC) <= 2.8.13 - Authenticated (Contributor+) Stored Cross-Site Scripting | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | Medium | 6.4 | 2025-01-31 11:11:11 | Deep Dive |