| CVE-2026-3231 | Checkout Field Editor (Checkout Manager) for WooCommerce <= 2.1.7 - Unauthenticated Stored Cross-Site Scripting via Block Checkout Custom Radio Field | themehigh | Checkout Field Editor (Checkout Manager) for WooCommerce | High | 7.2 | 2026-03-11 09:25:45 | Deep Dive |
| CVE-2026-1867 | WP Front User Submit < 5.0.6 - Unauthenticated Sensitive Information Exposure | Unknown | Guest posting / Frontend Posting / Front Editor | - | - | 2026-03-11 06:00:09 | Deep Dive |
| CVE-2026-1820 | Media Library Alt Text Editor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_id' Shortcode Attribute | brainvireinfo | Media Library Alt Text Editor | Medium | 6.4 | 2026-03-07 07:22:06 | Deep Dive |
| CVE-2026-2040 | PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability | PDF-XChange | PDF-XChange Editor | - | - | 2026-02-20 22:21:18 | Deep Dive |
| CVE-2025-69381 | WordPress WooCommerce Bulk Product Editor plugin <= 3.0 - Broken Access Control vulnerability | vanquish | WooCommerce Bulk Product Editor | - | - | 2026-02-20 15:46:54 | Deep Dive |
| CVE-2026-2633 | Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 4.3 | 2026-02-18 06:42:43 | Deep Dive |
| CVE-2026-1857 | Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 4.3 | 2026-02-18 06:42:40 | Deep Dive |
| CVE-2026-2608 | Gutenberg Blocks by Kadence Blocks <= 3.5.32 - Missing Authorization | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 4.3 | 2026-02-17 11:20:37 | Deep Dive |
| CVE-2026-1827 | IDE Micro code-editor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute | luke-alford | IDE Micro code-editor | Medium | 6.4 | 2026-02-11 08:26:29 | Deep Dive |
| CVE-2026-0488 | Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor) | SAP_SE | SAP CRM and SAP S/4HANA (Scripting Editor) | Critical | 9.9 | 2026-02-10 03:01:09 | Deep Dive |
| CVE-2026-0950 | Spectra Gutenberg Blocks <= 2.19.17 - Unauthenticated Information Disclosure in Sensitive Data | brainstormforce | Spectra Gutenberg Blocks – Website Builder for the Block Editor | Medium | 5.3 | 2026-02-03 05:30:15 | Deep Dive |
| CVE-2026-1060 | WP Adminify <= 4.0.7.7 - Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API | litonice13 | WP Adminify – White Label WordPress, Admin Menu Editor, Login Customizer | Medium | 5.3 | 2026-01-28 14:25:12 | Deep Dive |
| CVE-2025-12709 | Interactions – Create Interactive Experiences in the Block Editor <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | bfintal | Interactions – Create Interactive Experiences in the Block Editor | Medium | 6.4 | 2026-01-28 06:43:44 | Deep Dive |
| CVE-2026-1088 | Login Page Editor <= 1.2 - Cross-Site Request Forgery to Settings Update | zero1zerouk | Login Page Editor | Medium | 4.3 | 2026-01-24 07:26:49 | Deep Dive |
| CVE-2026-0807 | Frontis Blocks <= 1.1.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter | wpmessiah | Frontis Blocks — Block Library for the Block Editor | High | 7.2 | 2026-01-24 07:26:41 | Deep Dive |
| CVE-2025-14866 | Melapress Role Editor <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment | melapress | Melapress Role Editor | High | 8.8 | 2026-01-23 12:26:59 | Deep Dive |
| CVE-2025-14980 | BetterDocs <= 4.3.3 - Authenticated (Contributor+) Sensitive Information Exposure | wpdevteam | BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor | Medium | 6.5 | 2026-01-09 06:34:53 | Deep Dive |
| CVE-2025-14984 | Gutenverse Form <= 2.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | jegstudio | Gutenverse Form – Contact Form Builder, Booking, Reservation, Subscribe for Block Editor | Medium | 6.4 | 2026-01-08 09:20:52 | Deep Dive |
| CVE-2025-13419 | Guest posting / Frontend Posting / Front Editor – WP Front User Submit <= 5.0.0 - Missing Authorization to Unauthenticated Media Deletion | aharonyan | Guest posting / Frontend Posting / Front Editor – WP Front User Submit | Medium | 5.3 | 2026-01-07 09:21:00 | Deep Dive |
| CVE-2025-14888 | Simple User Meta Editor <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via User Meta Value Field | anjan011 | Simple User Meta Editor | Medium | 4.4 | 2026-01-07 06:36:01 | Deep Dive |