| CVE-2025-2573 | Amazing service box Addons For WPBakery Page Builder <= 2.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | zia420 | Amazing service box Addons For WPBakery Page Builder (formerly Visual Composer) | Medium | 6.4 | 2025-03-26 02:23:49 | Deep Dive |
| CVE-2025-30606 | WordPress Easy Page Transition plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | Logan Carlile | Easy Page Transition | Medium | 5.9 | 2025-03-24 13:47:25 | Deep Dive |
| CVE-2024-13856 | Make Builder <= 1.1.10 - Authenticated (Subscriber+) Server-Side Request Forgery via make_builder_ajax_subscribe Function | thethemefoundry | Your Friendly Drag and Drop Page Builder — Make Builder | Medium | 6.4 | 2025-03-22 06:41:13 | Deep Dive |
| CVE-2025-1764 | LoginPress <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update | hiddenpearls | LoginPress \| wp-login Custom Login Page Customizer | High | 7.5 | 2025-03-14 05:24:02 | Deep Dive |
| CVE-2025-2104 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.9 - Missing Authorization to Authenticated (Contributor+) Post Publication | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 4.3 | 2025-03-13 04:21:05 | Deep Dive |
| CVE-2024-13430 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Authenticated (Contributor+) Private Post Disclosure in pagelayer_builder_posts_shortcode | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 4.3 | 2025-03-12 08:21:37 | Deep Dive |
| CVE-2025-28912 | WordPress Custom Dashboard Page plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability | Muntasir Rahman | Custom Dashboard Page | Medium | 4.3 | 2025-03-11 21:00:58 | Deep Dive |
| CVE-2025-28901 | WordPress Members page only for logged in users plugin <= 1.4.2 - CSRF to Stored XSS vulnerability | Naren | Members page only for logged in users | High | 7.1 | 2025-03-11 21:00:52 | Deep Dive |
| CVE-2025-1926 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Cross-Site Request Forgery (CSRF) To Post Contents Modification | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 4.3 | 2025-03-10 04:21:11 | Deep Dive |
| CVE-2025-1664 | Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | Medium | 6.4 | 2025-03-08 11:16:40 | Deep Dive |
| CVE-2025-1287 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2025-03-08 08:22:58 | Deep Dive |
| CVE-2025-23615 | WordPress Interactive Page Hierarchy plugin <= 1.0.1 - Broken Access Control vulnerability | gtekelis | Interactive Page Hierarchy | Medium | 6.5 | 2025-03-03 13:30:15 | Deep Dive |
| CVE-2025-23595 | WordPress Page Health-O-Meter plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability | brainpulse | Page Health-O-Meter | High | 7.1 | 2025-03-03 13:30:14 | Deep Dive |
| CVE-2025-23536 | WordPress Track Page Scroll plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability | mndpsingh287 | Track Page Scroll | High | 7.1 | 2025-03-03 13:30:10 | Deep Dive |
| CVE-2025-23517 | WordPress Google Map on Post/Page plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability | sunil chaulagain | Google Map on Post/Page | High | 7.1 | 2025-03-03 13:30:09 | Deep Dive |
| CVE-2025-1291 | Gutenberg Blocks by Kadence Blocks <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'icon' | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2025-03-01 08:23:21 | Deep Dive |
| CVE-2025-1459 | Page Builder by SiteOrigin <= 2.31.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | gpriday | Page Builder by SiteOrigin | Medium | 6.4 | 2025-03-01 06:39:29 | Deep Dive |
| CVE-2024-10860 | NextMove Lite – Thank You Page for WooCommerce <= 2.19.0 - Missing Authorization to Authenticated (Subscriber+) Deactivation Reason Submission | xlplugins | NextMove Lite – Thank You Page for WooCommerce | Medium | 4.3 | 2025-02-28 09:22:44 | Deep Dive |
| CVE-2024-13803 | Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | Medium | 6.4 | 2025-02-26 07:01:19 | Deep Dive |
| CVE-2025-27351 | WordPress Local Search SEO Contact Page plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability | ExpertBusinessSearch | Local Search SEO Contact Page | Medium | 6.5 | 2025-02-24 14:49:24 | Deep Dive |