| CVE-2025-7631 | Time-Based Blind SQLi in Tumeva Internet Technologies' Tumeva Prime News Software | Tumeva Internet Technologies Software Information Advertising and Consulting Services Trade Ltd. Co. | Tumeva Prime News Software | High | 8.6 | 2026-02-17 11:36:51 | Deep Dive |
| CVE-2026-1216 | RSS Aggregator <= 5.0.10 - Reflected Cross-Site Scripting via 'template' Parameter | rebelcode | RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging | High | 7.2 | 2026-02-17 09:26:22 | Deep Dive |
| CVE-2026-2225 | itsourcecode News Portal Project Administrator Login index.php sql injection | itsourcecode | News Portal Project | High | 7.3 | 2026-02-09 09:02:08 | Deep Dive |
| CVE-2026-2162 | itsourcecode News Portal Project aboutus.php sql injection | itsourcecode | News Portal Project | Medium | 4.7 | 2026-02-08 16:02:10 | Deep Dive |
| CVE-2026-1424 | PHPGurukul News Portal Profile Pic unrestricted upload | PHPGurukul | News Portal | Medium | 4.7 | 2026-01-26 07:02:07 | Deep Dive |
| CVE-2025-14745 | RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wp-rss-aggregator Shortcode | rebelcode | RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging | Medium | 6.4 | 2026-01-23 05:29:51 | Deep Dive |
| CVE-2025-62056 | WordPress News Event theme <= 1.0.1 - Arbitrary File Upload vulnerability | blazethemes | News Event | - | - | 2026-01-22 16:51:47 | Deep Dive |
| CVE-2026-1142 | PHPGurukul News Portal cross-site request forgery | PHPGurukul | News Portal | Medium | 4.3 | 2026-01-19 06:32:08 | Deep Dive |
| CVE-2026-1141 | PHPGurukul News Portal Add Sub-Admin add-subadmins.php improper authorization | PHPGurukul | News Portal | Medium | 6.3 | 2026-01-19 06:02:08 | Deep Dive |
| CVE-2025-14375 | RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.10 - Reflected Cross-Site Scripting via className | rebelcode | RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging | Medium | 6.1 | 2026-01-16 07:23:10 | Deep Dive |
| CVE-2025-14502 | News and Blog Designer Bundle <= 1.1 - Unauthenticated Local File Inclusion | vaghasia3 | News and Blog Designer Bundle | Critical | 9.8 | 2026-01-14 05:28:13 | Deep Dive |
| CVE-2025-49349 | WordPress Reuters Direct plugin <= 3.0.0 - Broken Access Control vulnerability | Reuters News Agency | Reuters Direct | Medium | 5.3 | 2025-12-31 14:48:34 | Deep Dive |
| CVE-2025-15197 | code-projects/anirbandutta9 Content Management System/News-Buzz editposts.php unrestricted upload | code-projects | Content Management System | Medium | 4.7 | 2025-12-29 17:02:06 | Deep Dive |
| CVE-2025-12980 | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX <= 5.0.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure | wpxpo | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX | High | 7.5 | 2025-12-21 02:20:33 | Deep Dive |
| CVE-2025-11467 | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 5.1.1 - Unauthenticated Blind Server-Side Request Forgery | themeisle | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | Medium | 5.8 | 2025-12-11 01:55:32 | Deep Dive |
| CVE-2025-62090 | WordPress Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons plugin <= 3.0.2 - Broken Access Control vulnerability | Jegstudio | Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons | - | - | 2025-12-09 14:52:20 | Deep Dive |
| CVE-2025-13656 | Cute News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute | arnabkumar | Cute News Ticker | Medium | 6.4 | 2025-12-06 05:49:30 | Deep Dive |
| CVE-2025-12616 | PHPGurukul News Portal settings.py insertion of sensitive information into debugging code | PHPGurukul | News Portal | Low | 3.7 | 2025-11-03 04:02:06 | Deep Dive |
| CVE-2025-12615 | PHPGurukul News Portal settings.py hard-coded key | PHPGurukul | News Portal | Medium | 5.0 | 2025-11-03 03:32:07 | Deep Dive |
| CVE-2025-11128 | Feedzy RSS Feeds Lite <= 5.1.0 - Authenticated (Subscriber+) Server-Side Request Forgery | themeisle | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | Medium | 5.0 | 2025-10-23 12:32:33 | Deep Dive |