| CVE-2025-25116 | WordPress Link to URL / Post plugin <=1.3 - SQL Injection vulnerability | sudipto | Link to URL / Post | High | 7.6 | 2025-02-07 10:11:45 | Deep Dive |
| CVE-2025-0859 | Post and Page Builder by BoldGrid <= 1.27.6 - Path Traversal to Authenticated (Contributor+) Arbitrary File Read via template_via_url Function | boldgrid | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor | Medium | 6.5 | 2025-02-06 09:21:18 | Deep Dive |
| CVE-2025-24677 | WordPress Post/Page Copying Tool to Export and Import post/page for Cross site Migration Plugin <= 2.0.3 - Remote Code Execution (RCE) vulnerability | wpspin | Post/Page Copying Tool | Critical | 9.9 | 2025-02-04 14:21:15 | Deep Dive |
| CVE-2024-12037 | Frontend Content Forms for User Submissions (UGC) <= 2.8.13 - Authenticated (Contributor+) Stored Cross-Site Scripting | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | Medium | 6.4 | 2025-01-31 11:11:11 | Deep Dive |
| CVE-2025-24549 | WordPress Post Meta plugin <= 1.0.9 - Reflected Cross Site Scripting (XSS) vulnerability | Mahbubur Rahman | Post Meta | High | 7.1 | 2025-01-31 08:24:40 | Deep Dive |
| CVE-2025-23977 | WordPress Post Carousel Slider plugin <= 2.0.1 - CSRF to Stored XSS vulnerability | Bhaskar Dhote | Post Carousel Slider | High | 7.1 | 2025-01-31 08:23:56 | Deep Dive |
| CVE-2024-13664 | WP Post List Table <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpbean | WP Post List Table | Medium | 6.4 | 2025-01-30 13:42:08 | Deep Dive |
| CVE-2025-24782 | WordPress Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin <= 1.6.10 - Local File Inclusion vulnerability | wpWax | Post Grid, Slider & Carousel Ultimate | Medium | 6.5 | 2025-01-27 14:22:20 | Deep Dive |
| CVE-2025-24736 | WordPress Post Duplicator plugin <= 2.35 - Broken Access Control vulnerability | metaphorcreations | Post Duplicator | Medium | 4.3 | 2025-01-24 17:25:24 | Deep Dive |
| CVE-2025-24733 | WordPress Post Grid Master plugin <= 3.4.12 - Local File Inclusion vulnerability | Akhtarujjaman Shuvo | Post Grid Master | Medium | 6.5 | 2025-01-24 17:25:17 | Deep Dive |
| CVE-2025-24589 | WordPress JSM Show Post Metadata plugin <= 4.6.0 - Broken Access Control vulnerability | JS Morisset | JSM Show Post Metadata | Medium | 4.3 | 2025-01-24 17:24:21 | Deep Dive |
| CVE-2025-24585 | WordPress Event post plugin <= 5.9.7 - Stored Cross Site Scripting (XSS) vulnerability | Bastien Ho | Event post | Medium | 6.5 | 2025-01-24 17:24:20 | Deep Dive |
| CVE-2024-13408 | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion | wpwax | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget | High | 7.5 | 2025-01-24 11:07:33 | Deep Dive |
| CVE-2024-13409 | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion via post_type_ajax_handler() | wpwax | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget | High | 7.5 | 2025-01-24 11:07:31 | Deep Dive |
| CVE-2024-12043 | Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | bdthemes | Prime Slider – Addons for Elementor | Medium | 6.4 | 2025-01-23 11:13:27 | Deep Dive |
| CVE-2025-23709 | WordPress Formatted post plugin <= 1.01 - Reflected Cross Site Scripting (XSS) vulnerability | kiroro | Formatted post | High | 7.1 | 2025-01-22 14:32:09 | Deep Dive |
| CVE-2025-23500 | WordPress Simple Custom post type custom field plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability | faaiq | Simple Custom post type custom field | High | 7.1 | 2025-01-22 14:29:13 | Deep Dive |
| CVE-2025-22276 | WordPress Related Post Shortcode Plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability | enguerranws | Related Post Shortcode | Medium | 5.9 | 2025-01-21 17:21:51 | Deep Dive |
| CVE-2024-12071 | Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion | evergreencontentposter | Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media | Medium | 5.3 | 2025-01-18 03:21:13 | Deep Dive |
| CVE-2025-23878 | WordPress Post-to-Post Links plugin <= 4.2 - Cross Site Scripting (XSS) vulnerability | Scott Reilly | Post-to-Post Links | Medium | 5.9 | 2025-01-16 20:07:33 | Deep Dive |