| CVE-2026-1206 | Elementor Website Builder <= 3.35.7 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template | elemntor | Elementor Website Builder – more than just a page builder | Medium | 4.3 | 2026-03-26 05:29:33 | Deep Dive |
| CVE-2026-3645 | Punnel <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update via 'punnel_save_config' AJAX Action | punnel | Punnel – Landing Page Builder | Medium | 5.3 | 2026-03-21 03:27:00 | Deep Dive |
| CVE-2026-32487 | WordPress Lawyer Landing Page theme <= 1.2.7 - Broken Access Control vulnerability | raratheme | Lawyer Landing Page | 中危 | - | 2026-03-13 11:42:24 | Deep Dive |
| CVE-2026-32381 | WordPress App Landing Page theme <= 1.2.2 - Broken Access Control vulnerability | raratheme | App Landing Page | 中危 | - | 2026-03-13 11:42:09 | Deep Dive |
| CVE-2026-32378 | WordPress Book Landing Page theme <= 1.2.7 - Broken Access Control vulnerability | raratheme | Book Landing Page | 中危 | - | 2026-03-13 11:42:08 | Deep Dive |
| CVE-2026-32340 | WordPress Business One Page theme <= 1.3.2 - Broken Access Control vulnerability | raratheme | Business One Page | 中危 | - | 2026-03-13 11:41:57 | Deep Dive |
| CVE-2026-32338 | WordPress Construction Landing Page theme <= 1.4.1 - Broken Access Control vulnerability | raratheme | Construction Landing Page | 中危 | - | 2026-03-13 11:41:57 | Deep Dive |
| CVE-2026-2371 | Greenshift <= 12.8.3 - Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspb_el_reusable_load' | wpsoul | Greenshift – animation and page builder blocks | Medium | 5.3 | 2026-03-06 23:22:59 | Deep Dive |
| CVE-2026-2589 | Greenshift – animation and page builder blocks <= 12.8.3 - Unauthenticated Sensitive Information Exposure via Settings Backup | wpsoul | Greenshift – animation and page builder blocks | Medium | 5.3 | 2026-03-05 23:21:31 | Deep Dive |
| CVE-2026-2593 | Greenshift – animation and page builder blocks <= 12.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpsoul | Greenshift – animation and page builder blocks | Medium | 6.4 | 2026-03-05 21:24:07 | Deep Dive |
| CVE-2026-2893 | Page and Post Clone <= 6.3 - Authenticated (Contributor+) SQL Injection via 'meta_key' Parameter | carlosfazenda | Fast Page & Post Duplicator | Medium | 6.5 | 2026-03-05 07:30:55 | Deep Dive |
| CVE-2026-28038 | WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.21.1 - Broken Access Control vulnerability | Brainstorm_Force | Ultimate Addons for WPBakery Page Builder | Medium | 6.5 | 2026-03-05 05:54:15 | Deep Dive |
| CVE-2026-2448 | Page Builder by SiteOrigin <= 2.33.5 - Authenticated (Contributor+) Local File Inclusion | gpriday | Page Builder by SiteOrigin | High | 8.8 | 2026-03-03 01:21:51 | Deep Dive |
| CVE-2026-1614 | Rise Blocks – A Complete Gutenberg Page Builder <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Identity Block Attributes | eaglethemes | Rise Blocks – A Complete Gutenberg Page Builder | Medium | 6.4 | 2026-02-25 06:54:52 | Deep Dive |
| CVE-2026-2385 | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Unauthenticated Email Relay | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 5.3 | 2026-02-22 08:24:45 | Deep Dive |
| CVE-2025-69390 | WordPress Business Template Blocks for WPBakery (Visual Composer) Page Builder plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerability | themebon | Business Template Blocks for WPBakery (Visual Composer) Page Builder | - | - | 2026-02-20 15:46:55 | Deep Dive |
| CVE-2025-60087 | WordPress Extensive VC Addons for WPBakery page builder plugin <= 1.9.1 - Local File Inclusion vulnerability | Nenad Obradovic | Extensive VC Addons for WPBakery page builder | - | - | 2026-02-20 15:46:28 | Deep Dive |
| CVE-2026-27368 | WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin <= 6.19.8 - Broken Access Control vulnerability | SeedProd | Coming Soon Page, Under Construction & Maintenance Mode by SeedProd | - | - | 2026-02-19 20:35:42 | Deep Dive |
| CVE-2026-25451 | WordPress Bold Page Builder plugin <= 5.6.9 - Cross Site Scripting (XSS) vulnerability | boldthemes | Bold Page Builder | - | - | 2026-02-19 08:27:08 | Deep Dive |
| CVE-2025-13438 | Page Title, Description & Open Graph Updater <= 1.02 - Cross-Site Request Forgery to Arbitrary Page Title Modification | dienodigital | Page Title, Description & Open Graph Updater | Medium | 4.3 | 2026-02-19 04:36:15 | Deep Dive |