| CVE-2026-2579 | WowStore – Store Builder & Product Blocks for WooCommerce <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter | wpxpo | WowStore – Store Builder & Product Blocks for WooCommerce | High | 7.5 | 2026-03-17 01:24:29 | Deep Dive |
| CVE-2026-32543 | WordPress Responsive Blocks plugin <= 2.2.0 - Broken Access Control vulnerability | CyberChimps | Responsive Blocks | 中危 | - | 2026-03-13 11:42:24 | Deep Dive |
| CVE-2026-2371 | Greenshift <= 12.8.3 - Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspb_el_reusable_load' | wpsoul | Greenshift – animation and page builder blocks | Medium | 5.3 | 2026-03-06 23:22:59 | Deep Dive |
| CVE-2026-2589 | Greenshift – animation and page builder blocks <= 12.8.3 - Unauthenticated Sensitive Information Exposure via Settings Backup | wpsoul | Greenshift – animation and page builder blocks | Medium | 5.3 | 2026-03-05 23:21:31 | Deep Dive |
| CVE-2026-2593 | Greenshift – animation and page builder blocks <= 12.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpsoul | Greenshift – animation and page builder blocks | Medium | 6.4 | 2026-03-05 21:24:07 | Deep Dive |
| CVE-2026-1273 | PostX <= 5.0.8 - Authenticated (Administrator+) Server-Side Request Forgery via REST API Endpoints | wpxpo | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX | High | 7.2 | 2026-03-04 01:21:59 | Deep Dive |
| CVE-2026-1614 | Rise Blocks – A Complete Gutenberg Page Builder <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Identity Block Attributes | eaglethemes | Rise Blocks – A Complete Gutenberg Page Builder | Medium | 6.4 | 2026-02-25 06:54:52 | Deep Dive |
| CVE-2025-69390 | WordPress Business Template Blocks for WPBakery (Visual Composer) Page Builder plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerability | themebon | Business Template Blocks for WPBakery (Visual Composer) Page Builder | - | - | 2026-02-20 15:46:55 | Deep Dive |
| CVE-2024-50452 | WordPress Nexter Blocks plugin <= 3.3.3 - Cross Site Scripting (XSS) vulnerability | POSIMYTH | Nexter Blocks | - | - | 2026-02-20 15:46:25 | Deep Dive |
| CVE-2026-0722 | Shield Security <= 21.0.8 - Cross-Site Request Forgery to SQL Injection | paultgoodchild | Shield: Blocks Bots, Protects Users, and Prevents Security Breaches | Medium | 6.5 | 2026-02-19 04:36:28 | Deep Dive |
| CVE-2026-0561 | Shield Security <= 21.0.8 - Unauthenticated Reflected Cross-Site Scripting via 'message' Parameter | paultgoodchild | Shield: Blocks Bots, Protects Users, and Prevents Security Breaches | Medium | 6.1 | 2026-02-19 04:36:24 | Deep Dive |
| CVE-2025-14427 | Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches <= 21.0.9 - Missing Authorization to Authenticated (Subscriber+) Email MFA Update | paultgoodchild | Shield: Blocks Bots, Protects Users, and Prevents Security Breaches | Medium | 4.3 | 2026-02-19 04:36:19 | Deep Dive |
| CVE-2026-2633 | Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 4.3 | 2026-02-18 06:42:43 | Deep Dive |
| CVE-2026-1857 | Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 4.3 | 2026-02-18 06:42:40 | Deep Dive |
| CVE-2026-2608 | Gutenberg Blocks by Kadence Blocks <= 3.5.32 - Missing Authorization | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 4.3 | 2026-02-17 11:20:37 | Deep Dive |
| CVE-2026-1560 | Custom Block Builder – Lazy Blocks <= 4.2.0 - Authenticated (Contributor+) Remote Code Execution | nko | Custom Block Builder – Lazy Blocks | High | 8.8 | 2026-02-11 08:26:28 | Deep Dive |
| CVE-2020-37121 | CODE::BLOCKS 16.01 - Buffer Overflow (SEH) UNICODE | Code::Blocks | Code::Blocks | Medium | 5.5 | 2026-02-05 16:13:31 | Deep Dive |
| CVE-2026-1927 | GreenShift - Animation and Page Builder Blocks <= 12.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure of AI API Keys and Stored Cross-Site Scripting via custom_css | wpsoul | Greenshift – animation and page builder blocks | Medium | 5.4 | 2026-02-05 13:27:38 | Deep Dive |
| CVE-2026-0950 | Spectra Gutenberg Blocks <= 2.19.17 - Unauthenticated Information Disclosure in Sensitive Data | brainstormforce | Spectra Gutenberg Blocks – Website Builder for the Block Editor | Medium | 5.3 | 2026-02-03 05:30:15 | Deep Dive |
| CVE-2020-37040 | Code Blocks 17.12 - 'File Name' Local Buffer Overflow | Code::Blocks | Code::Blocks | High | 8.4 | 2026-01-30 22:07:15 | Deep Dive |