| CVE-2025-8565 | Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.4.3 - Missing Authorization to Authenticated (Contributor+) Arbitrary Plugin Installation | wplegalpages | Privacy Policy Generator – WPLP Legal Pages | High | 8.1 | 2025-09-18 09:31:29 | Deep Dive |
| CVE-2025-58805 | WordPress Widgetize Pages Light Plugin <= 3.0 - Cross Site Scripting (XSS) Vulnerability | OTWthemes | Widgetize Pages Light | Medium | 5.9 | 2025-09-05 13:45:10 | Deep Dive |
| CVE-2025-8361 | Config Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-093 | Drupal | Config Pages | - | - | 2025-08-15 16:26:46 | Deep Dive |
| CVE-2025-31425 | WordPress WP Lead Capturing Pages plugin < 2.6 - Arbitrary Content Deletion vulnerability | kamleshyadav | WP Lead Capturing Pages | High | 7.5 | 2025-08-14 10:34:28 | Deep Dive |
| CVE-2025-5998 | PPWP < 1.9.11 - Subscriber+ Access Bypass via REST API | Unknown | PPWP – Password Protect Pages | - | - | 2025-08-14 08:48:55 | Deep Dive |
| CVE-2025-52779 | WordPress Dot html,php,xml etc pages plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability | karimmughal | Dot html,php,xml etc pages | High | 7.1 | 2025-07-16 11:27:56 | Deep Dive |
| CVE-2025-7031 | Config Pages Viewer - Critical - Access bypass - SA-CONTRIB-2025-086 | Drupal | Config Pages Viewer | - | - | 2025-07-08 20:54:28 | Deep Dive |
| CVE-2025-31424 | WordPress WP Lead Capturing Pages plugin < 2.6 - SQL Injection vulnerability | kamleshyadav | WP Lead Capturing Pages | Critical | 9.3 | 2025-06-09 15:56:39 | Deep Dive |
| CVE-2025-30995 | WordPress Widgetize Pages Light plugin <= 3.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | OTWthemes | Widgetize Pages Light | High | 7.1 | 2025-06-06 12:54:01 | Deep Dive |
| CVE-2025-49285 | WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin <= 3.8.0 - Cross Site Request Forgery (CSRF) Vulnerability | WP Legal Pages | WP Cookie Notice for GDPR, CCPA & ePrivacy Consent | Medium | 4.3 | 2025-06-06 12:53:42 | Deep Dive |
| CVE-2025-48242 | WordPress Legal Pages plugin <= 1.4.5 - Broken Access Control Vulnerability | wpWax | Legal Pages | Medium | 6.5 | 2025-05-19 14:44:54 | Deep Dive |
| CVE-2025-48112 | WordPress Dot html,php,xml etc pages plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | karimmughal | Dot html,php,xml etc pages | High | 7.1 | 2025-05-16 15:45:06 | Deep Dive |
| CVE-2025-1454 | Ninja Pages <= 1.4.2 - Admin+ Stored XSS | Unknown | Ninja Pages | - | - | 2025-05-15 20:07:27 | Deep Dive |
| CVE-2024-8759 | Nested Pages <= 3.2.8 - Editor+ Stored XSS | Unknown | Nested Pages | - | - | 2025-05-15 20:07:19 | Deep Dive |
| CVE-2025-3053 | UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.07 - Authenticated (Subscriber+) Remote Code Execution | admintwentytwenty | UiPress lite | Effortless custom dashboards, admin themes and pages | High | 8.8 | 2025-05-15 04:21:50 | Deep Dive |
| CVE-2025-47733 | Microsoft Power Apps Information Disclosure Vulnerability | Microsoft | Microsoft Power Pages | Critical | 9.1 | 2025-05-08 22:17:27 | Deep Dive |
| CVE-2025-4100 | Nautic Pages <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | stur | Nautic Pages | Medium | 6.4 | 2025-05-01 06:40:16 | Deep Dive |
| CVE-2025-46533 | WordPress Landing pages and Domain aliases for WordPress plugin <= 0.8 - Cross Site Scripting (XSS) Vulnerability | wpdrift.no | Landing pages and Domain aliases for WordPress | Medium | 5.9 | 2025-04-24 16:09:17 | Deep Dive |
| CVE-2025-32625 | WordPress Mobile Blocks Plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability | pootlepress | Mobile Pages | High | 7.1 | 2025-04-17 15:47:14 | Deep Dive |
| CVE-2025-3453 | Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products <= 2.7.7 - Unauthenticated Sensitive Information Exposure | saadiqbal | Password Protected — Lock Entire Site, Pages, Posts, Categories, and Partial Content | Medium | 5.3 | 2025-04-17 11:13:05 | Deep Dive |