| CVE-2025-24576 | WordPress Landing Page Cat plugin <= 1.7.7 - Reflected Cross Site Scripting (XSS) vulnerability | fatcatapps | Landing Page Cat | High | 7.1 | 2025-02-03 14:22:47 | Deep Dive |
| CVE-2024-11829 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2025-02-01 06:41:52 | Deep Dive |
| CVE-2024-13530 | Custom Login Page Styler <= 7.1.1 - Missing Authorization to Authenticated (Subsciber+) Log Deletion and Session Termination | zia-imtiaz | Login Page Styler – Custom WordPress Login Page Customizer & Security | Medium | 4.3 | 2025-01-31 07:23:40 | Deep Dive |
| CVE-2024-13226 | A5 Custom Login Page <= 2.8.1 - Reflected XSS | Unknown | A5 Custom Login Page | 中危 | - | 2025-01-31 06:00:17 | Deep Dive |
| CVE-2024-13225 | ECT Home Page Products <= 1.9 - Reflected XSS | Unknown | ECT Home Page Products | 中危 | - | 2025-01-31 06:00:17 | Deep Dive |
| CVE-2025-24540 | WordPress Website Builder by SeedProd plugin <= 6.18.9 - Cross Site Request Forgery (CSRF) vulnerability | SeedProd | Coming Soon Page, Under Construction & Maintenance Mode by SeedProd | Medium | 4.3 | 2025-01-27 14:22:15 | Deep Dive |
| CVE-2024-10705 | Multiple Page Generator Plugin – MPG <= 4.0.5 - Authenticated (Editor+) Server-Side Request Forgery via fileUrl | themeisle | Multiple Page Generator Plugin – MPG | Medium | 5.4 | 2025-01-26 06:41:22 | Deep Dive |
| CVE-2025-23888 | WordPress Custom Page Extensions Plugin <= 0.6 - Cross Site Scripting (XSS) vulnerability | GrandSlambert | Custom Page Extensions | High | 7.1 | 2025-01-24 10:52:57 | Deep Dive |
| CVE-2024-12117 | Stackable – Page Builder Gutenberg Blocks <= 3.13.11 - Authenticated (Contributor+) Stored Cross-Site Scripting | bfintal | Stackable – Page Builder Gutenberg Blocks | Medium | 6.4 | 2025-01-22 07:03:53 | Deep Dive |
| CVE-2024-13516 | Kubio AI Page Builder <= 2.3.5 - Reflected Cross-Site Scripting | extendthemes | Kubio AI Page Builder | Medium | 6.1 | 2025-01-18 05:33:50 | Deep Dive |
| CVE-2025-23775 | WordPress GMAPS for WPBakery Page Builder Free Plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability | WWP | GMAPS for WPBakery Page Builder Free | Medium | 6.5 | 2025-01-16 20:06:56 | Deep Dive |
| CVE-2025-23715 | WordPress Post & Page Notes plugin <= 0.1.1 - CSRF to Stored XSS vulnerability | RaymondDesign | Post & Page Notes | High | 7.1 | 2025-01-16 20:06:47 | Deep Dive |
| CVE-2025-23547 | WordPress LH Login Page plugin <= 2.14 - Reflected Cross Site Scripting (XSS) vulnerability | shawfactor | LH Login Page | High | 7.1 | 2025-01-16 20:06:21 | Deep Dive |
| CVE-2025-22759 | WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.5 - Cross Site Scripting (XSS) vulnerability | BoldGrid | Post and Page Builder by BoldGrid | Medium | 6.5 | 2025-01-15 15:23:25 | Deep Dive |
| CVE-2024-12423 | Contact Form 7 Redirect & Thank You Page <= 1.0.7 - Reflected Cross-Site Scripting | scottpaterson | Business Essentials for Contact Form 7 | Medium | 6.1 | 2025-01-15 09:25:55 | Deep Dive |
| CVE-2024-12240 | Page Builder by SiteOrigin <= 2.31.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Row Label Parameter | gpriday | Page Builder by SiteOrigin | Medium | 6.4 | 2025-01-14 11:08:36 | Deep Dive |
| CVE-2025-22568 | WordPress Post And Page Reactions Plugin <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability | arete-it | Post And Page Reactions | High | 7.1 | 2025-01-13 13:11:32 | Deep Dive |
| CVE-2025-22569 | WordPress Featured Page Widget Plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability | GrandSlambert | Featured Page Widget | High | 7.1 | 2025-01-13 13:11:31 | Deep Dive |
| CVE-2024-12304 | Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.4.2 - Authenticated (contributor+) Stored Cross-Site Scripting via Button Link | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2025-01-11 03:21:03 | Deep Dive |
| CVE-2024-6155 | Greenshift – animation and page builder blocks <= 9.0.0 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross-Site Scripting | wpsoul | Greenshift – animation and page builder blocks | Medium | 6.4 | 2025-01-09 11:11:05 | Deep Dive |