| CVE-2025-13205 | SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 2.5.2 - Cross-Site Request Forgery to Survey Cloning | devsoftbaltic | SurveyJS: Drag & Drop Form Builder | Medium | 4.3 | 2026-01-24 09:08:09 | Deep Dive |
| CVE-2025-13194 | SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 2.5.2 - Cross-Site Request Forgery to Survey Renaming | devsoftbaltic | SurveyJS: Drag & Drop Form Builder | Medium | 4.3 | 2026-01-24 09:08:08 | Deep Dive |
| CVE-2025-13139 | SurveyJS: Drag & Drop WordPress Form Builder <= 2.5.2 - Cross-Site Request Forgery to Survey Creation | devsoftbaltic | SurveyJS: Drag & Drop Form Builder | Medium | 4.3 | 2026-01-24 09:08:06 | Deep Dive |
| CVE-2025-14457 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.2 - Missing Authorization to Unauthenticated File Deletion | glenwpcoder | Drag and Drop Multiple File Upload for Contact Form 7 | Low | 3.7 | 2026-01-15 06:45:04 | Deep Dive |
| CVE-2025-13753 | WP Table Builder <= 2.0.19 - Incorrect Authorization to Authenticated (Subscriber+) Arbitrary Table Creation | wptb | WP Table Builder – Drag & Drop Table Builder | Medium | 4.3 | 2026-01-09 07:22:12 | Deep Dive |
| CVE-2025-13974 | Email Customizer for WooCommerce | Drag and Drop Email Templates Builder <= 2.6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Email Template Content | themehigh | Email Customizer for WooCommerce | Drag and Drop Email Templates Builder | Medium | 4.4 | 2026-01-07 09:21:04 | Deep Dive |
| CVE-2025-14842 | Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.2 - Unauthenticated Limited Arbitrary File Upload | glenwpcoder | Drag and Drop Multiple File Upload for Contact Form 7 | Medium | 6.1 | 2026-01-07 06:36:04 | Deep Dive |
| CVE-2025-12934 | Beaver Builder – WordPress Page Builder <= 2.9.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update | beaverbuilder | Beaver Builder Page Builder – Drag and Drop Website Builder | High | 8.1 | 2025-12-23 09:20:02 | Deep Dive |
| CVE-2025-60084 | WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 6.5.0 - PHP Object Injection vulnerability | add-ons.org | PDF for Elementor Forms + Drag And Drop Template Builder | High | 8.8 | 2025-12-18 07:22:08 | Deep Dive |
| CVE-2025-60080 | WordPress PDF for Gravity Forms + Drag And Drop Template Builder plugin <= 6.5.0 - PHP Object Injection vulnerability | add-ons.org | PDF for Gravity Forms + Drag And Drop Template Builder | - | - | 2025-12-18 07:22:07 | Deep Dive |
| CVE-2025-14074 | PDF for Contact Form 7 + Drag and Drop Template Builder <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication | addonsorg | PDF for Contact Form 7 + Drag and Drop Template Builder | Medium | 4.3 | 2025-12-12 09:20:28 | Deep Dive |
| CVE-2025-12558 | Beaver Builder – WordPress Page Builder <= 2.9.4 - Authenticated (Contributor+) Sensitive Information Exposure | beaverbuilder | Beaver Builder Page Builder – Drag and Drop Website Builder | Medium | 4.3 | 2025-12-09 13:51:07 | Deep Dive |
| CVE-2025-12782 | Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Builder Status Tampering | beaverbuilder | Beaver Builder Page Builder – Drag and Drop Website Builder | Medium | 4.3 | 2025-12-04 06:48:40 | Deep Dive |
| CVE-2025-11726 | Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Global Preset Modification | beaverbuilder | Beaver Builder Page Builder – Drag and Drop Website Builder | Medium | 4.3 | 2025-12-02 07:24:31 | Deep Dive |
| CVE-2025-13140 | SurveyJS: Drag & Drop WordPress Form Builder <= 1.12.20 - Cross-Site Request Forgery to Survey Deletion | devsoftbaltic | SurveyJS: Drag & Drop Form Builder | Medium | 4.3 | 2025-12-02 06:40:25 | Deep Dive |
| CVE-2025-13159 | Flo Forms – Easy Drag & Drop Form Builder <= 1.0.43 - Unauthenticated Stored Cross-Site Scripting via SVG Upload | flothemesplugins | Flo Forms – Easy Drag & Drop Form Builder | High | 7.1 | 2025-11-21 07:31:52 | Deep Dive |
| CVE-2025-12528 | Pie Forms for WP <= 1.6 - Unauthenticated Arbitrary File Upload | genetechproducts | Pie Forms — Drag & Drop Form Builder | High | 8.1 | 2025-11-18 08:27:31 | Deep Dive |
| CVE-2025-12366 | Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.5 - Authenticated (Author+) Insecure Direct Object Reference | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 4.3 | 2025-11-13 03:27:37 | Deep Dive |
| CVE-2025-12644 | Nonaki – Drag and Drop Email Template builder and Newsletter plugin for WordPress <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields | wpcox | Nonaki – Drag and Drop Email Template builder and Newsletter plugin for WordPress | Medium | 6.4 | 2025-11-11 03:30:38 | Deep Dive |
| CVE-2025-53283 | WordPress Drop Uploader for CF7 - Drag&Drop File Uploader Addon Plugin <= 2.4.1 - Arbitrary File Upload Vulnerability | borisolhor | Drop Uploader for CF7 - Drag&Drop File Uploader Addon | 中危 | - | 2025-11-06 15:54:04 | Deep Dive |