| CVE-2025-14074 | PDF for Contact Form 7 + Drag and Drop Template Builder <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication | addonsorg | PDF for Contact Form 7 + Drag and Drop Template Builder | Medium | 4.3 | 2025-12-12 09:20:28 | Deep Dive |
| CVE-2025-14119 | App Landing Template Blocks for WPBakery Page Builder <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | themebon | App Landing Template Blocks for WPBakery (Visual Composer) Page Builder | Medium | 6.4 | 2025-12-12 03:20:46 | Deep Dive |
| CVE-2025-63058 | WordPress Custom Field Template plugin <= 2.7.6 - Sensitive Data Exposure vulnerability | Hiroaki Miyashita | Custom Field Template | Medium | 4.3 | 2025-12-09 14:52:33 | Deep Dive |
| CVE-2025-13697 | BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library <= 2.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via `timestamp` Attribute | wpblockart | BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library | Medium | 6.4 | 2025-12-02 01:51:57 | Deep Dive |
| CVE-2025-12644 | Nonaki – Drag and Drop Email Template builder and Newsletter plugin for WordPress <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields | wpcox | Nonaki – Drag and Drop Email Template builder and Newsletter plugin for WordPress | Medium | 6.4 | 2025-11-11 03:30:38 | Deep Dive |
| CVE-2025-64200 | WordPress Email Template Customizer for WooCommerce plugin <= 1.2.17 - Cross Site Scripting (XSS) vulnerability | VillaTheme | Email Template Customizer for WooCommerce | - | - | 2025-10-29 08:38:06 | Deep Dive |
| CVE-2025-12072 | Disable Content Editor For Specific Template <= 2.0 - Cross-Site Request Forgery to Template Configuration Update | mynamevenu24 | Disable Content Editor For Specific Template | Medium | 4.3 | 2025-10-24 08:23:57 | Deep Dive |
| CVE-2025-58800 | WordPress WP Email Template plugin <= 2.8.6 - Cross Site Request Forgery (CSRF) vulnerability | Steve Truman | WP Email Template | Medium | 4.3 | 2025-09-05 13:45:07 | Deep Dive |
| CVE-2025-58208 | WordPress PDF for Elementor Forms + Drag And Drop Template Builder Plugin <= 6.2.0 - Cross Site Scripting (XSS) Vulnerability | add-ons.org | PDF for Elementor Forms + Drag And Drop Template Builder | Medium | 6.5 | 2025-08-27 17:45:47 | Deep Dive |
| CVE-2025-54872 | onion-site-template tor Secrets Baked Into Image | Vessel9817 | onion-site-template | - | - | 2025-08-05 23:40:47 | Deep Dive |
| CVE-2025-2168 | Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.4.1 - Cross-Site Request Forgery to Limited User Meta Update | bdthemes | Ultimate Store Kit – Addon For WooCommerce, EDD and Elementor | Medium | 4.3 | 2025-05-01 03:23:40 | Deep Dive |
| CVE-2025-3491 | Add custom page template <= 2.0.1 - Authenticated (Administrator+) PHP Code Injection to Remote Code Execution | kiranpatil353 | Add custom page template | High | 7.2 | 2025-04-26 05:34:24 | Deep Dive |
| CVE-2025-32507 | WordPress Event Espresso plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability | Aakif Kadiwala | Event Espresso – Custom Email Template Shortcode | High | 7.1 | 2025-04-17 15:47:48 | Deep Dive |
| CVE-2025-28927 | WordPress Display Template Name plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) vulnerability | A. Chappard | Display Template Name | Medium | 4.3 | 2025-03-11 21:01:07 | Deep Dive |
| CVE-2024-9149 | SQLi in Wind Media's E-Commerce Website Template | Wind Media | E-Commerce Website Template | High | 8.6 | 2025-03-04 14:16:28 | Deep Dive |
| CVE-2024-12593 | PDF for WPForms + Drag and Drop Template Builder <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yeepdf_dotab Shortcode | addonsorg | PDF for WPForms + Drag and Drop Template Builder | Medium | 6.4 | 2025-01-15 11:24:37 | Deep Dive |
| CVE-2024-12851 | Element Pack Lite - Addons for Elementor <= 5.10.14 - Authenticated (Contributor+) Stored Cross-Site Scripting | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2025-01-08 06:41:38 | Deep Dive |
| CVE-2024-11852 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing Authorization | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 4.3 | 2024-12-22 01:42:00 | Deep Dive |
| CVE-2024-9058 | Element Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2024-12-03 06:50:54 | Deep Dive |
| CVE-2024-10980 | Element Pack Elementor Addons < 5.10.3 - Contributor+ Stored XSS | Unknown | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) | Medium | - | 2024-11-29 06:00:08 | Deep Dive |