| CVE-2024-10143 | MB Custom Post Types & Custom Taxonomies < 2.7.7 - Admin+ Stored XSS | Unknown | MB Custom Post Types & Custom Taxonomies | - | - | 2025-05-15 20:06:41 | Deep Dive |
| CVE-2025-46471 | WordPress WP Custom Post Popup plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability | gnanavelshenll | WP Custom Post Popup | Medium | 6.5 | 2025-04-24 16:09:09 | Deep Dive |
| CVE-2025-30616 | WordPress Latest Custom Post Type Updates plugin <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability | David Wood | Latest Custom Post Type Updates | High | 7.1 | 2025-04-03 13:27:08 | Deep Dive |
| CVE-2025-31767 | WordPress Post Custom Templates Lite plugin <= 1.14 - Stored Cross Site Scripting (XSS) vulnerability | OTWthemes | Post Custom Templates Lite | Medium | 6.5 | 2025-04-01 14:51:18 | Deep Dive |
| CVE-2025-1510 | Custom Post Type Date Archives <= 2.7.1 - Missing Authorization to Unauthenticated Arbitrary Shortcode Execution | keesiemeijer | Custom Post Type Date Archives | High | 7.3 | 2025-02-22 03:21:00 | Deep Dive |
| CVE-2024-6432 | Content Blocks (Custom Post Widget) <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter | vanderwijk | Content Blocks (Custom Post Widget) | Medium | 6.4 | 2025-02-20 09:21:37 | Deep Dive |
| CVE-2025-23652 | WordPress Add custom content after post plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | Fabio Zuanon | Add custom content after post | High | 7.1 | 2025-02-14 12:44:31 | Deep Dive |
| CVE-2025-25139 | WordPress WP Custom Post RSS Feed plugin <= 1.0.0 - CSRF to Stored XSS vulnerability | Cynob IT Consultancy | WP Custom Post RSS Feed | High | 7.1 | 2025-02-07 10:11:50 | Deep Dive |
| CVE-2025-23500 | WordPress Simple Custom post type custom field plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability | faaiq | Simple Custom post type custom field | High | 7.1 | 2025-01-22 14:29:13 | Deep Dive |
| CVE-2025-23566 | WordPress Custom Post plugin <= 1.0 - CSRF to Stored XSS vulnerability | syedamirhussain91 | Custom Post | High | 7.1 | 2025-01-16 20:06:17 | Deep Dive |
| CVE-2025-23530 | WordPress Custom Post Type Lockdown plugin <= 1.11 - CSRF to Privilege Escalation vulnerability | yonisink | Custom Post Type Lockdown | High | 8.8 | 2025-01-16 20:06:11 | Deep Dive |
| CVE-2025-23463 | WordPress MD Custom content after or before of post plugin <= 1.0 - CSRF to Stored XSS vulnerability | Mukesh Dak | MD Custom content after or before of post | High | 7.1 | 2025-01-16 20:05:49 | Deep Dive |
| CVE-2025-22748 | WordPress SetMore Theme – Custom Post Types plugin <= 1.1 - Stored Cross Site Scripting (XSS) vulnerability | Setmore | SetMore Theme – Custom Post Types | Medium | 6.5 | 2025-01-15 15:23:30 | Deep Dive |
| CVE-2024-11642 | Post Grid Master <= 3.4.12 - Missing Authorization to Unauthenticated Local PHP File Inclusion | mdshuvo | Post Grid Master — Post Grids & AJAX Filters | Critical | 9.8 | 2025-01-09 11:11:04 | Deep Dive |
| CVE-2024-12538 | Duplicate Post, Page and Any Custom Post <= 3.5.5 - Authenticated (Contributor+) Post Disclosure via Post Duplication | binsaifullah | Duplicate Post, Page and Any Custom Post | Medium | 4.3 | 2025-01-07 03:22:00 | Deep Dive |
| CVE-2023-36526 | WordPress Duplicate Post Page Menu & Custom Post Type plugin <= 3.0.1 - Broken Access Control vulnerability | Attinder Singh | Duplicate Post Page Menu & Custom Post Type | Medium | 5.4 | 2024-12-13 14:23:44 | Deep Dive |
| CVE-2023-31073 | WordPress Shortcode to display post and user data plugin <= 1.2.0 - Broken Access Control vulnerability | Jose Vega | Display custom fields in the frontend – Post and User Profile Fields | Medium | 4.3 | 2024-12-09 11:31:00 | Deep Dive |
| CVE-2024-53769 | WordPress Custom Post Type to Map Store plugin <= 1.1.0 - CSRF to Stored XSS vulnerability | lriaudel | Custom Post Type to Map Store | High | 7.1 | 2024-12-02 13:48:32 | Deep Dive |
| CVE-2024-51683 | WordPress Custom post type templates for Elementor plugin <= 1.10.1 - Stored Cross Site Scripting (XSS) vulnerability | Michael | Custom post type templates for Elementor | Medium | 6.5 | 2024-11-04 14:11:51 | Deep Dive |
| CVE-2024-49321 | WordPress Simple Custom Post Order plugin <= 2.5.7 - Broken Access Control vulnerability | colorlibplugins | Simple Custom Post Order | - | - | 2024-10-21 11:11:02 | Deep Dive |