| CVE-2026-25335 | WordPress Secure Copy Content Protection and Content Locking plugin <= 5.0.0 - Broken Access Control vulnerability | Ays Pro | Secure Copy Content Protection and Content Locking | - | - | 2026-02-19 08:26:58 | Deep Dive |
| CVE-2026-25326 | WordPress CMSMasters Content Composer plugin <= 1.4.5 - Local File Inclusion vulnerability | cmsmasters | CMSMasters Content Composer | - | - | 2026-02-19 08:26:57 | Deep Dive |
| CVE-2026-23547 | WordPress CMSMasters Content Composer plugin <= 2.5.8 - Broken Access Control vulnerability | cmsmasters | CMSMasters Content Composer | - | - | 2026-02-19 08:26:49 | Deep Dive |
| CVE-2026-1994 | s2Member <= 260127 - Unauthenticated Privilege Escalation via Account Takeover | clavaque | s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions | Critical | 9.8 | 2026-02-19 06:49:44 | Deep Dive |
| CVE-2025-13732 | s2Member <= 251005 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | clavaque | s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions | Medium | 6.4 | 2026-02-19 04:36:06 | Deep Dive |
| CVE-2026-1404 | Ultimate Member <= 2.11.1 - Reflected Cross-Site Scripting via Filter Parameters | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 6.1 | 2026-02-18 14:24:59 | Deep Dive |
| CVE-2026-1304 | Membership Plugin – Restrict Content <= 3.2.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings | stellarwp | Membership Plugin – Restrict Content | Medium | 4.4 | 2026-02-18 05:29:19 | Deep Dive |
| CVE-2022-41650 | WordPress Custom Content by Country plugin <= 3.1.2 - Broken Access Control vulnerability | Paul | Custom Content by Country (by Shield Security) | Medium | 6.5 | 2026-02-17 14:56:34 | Deep Dive |
| CVE-2026-1320 | Secure Copy Content Protection and Content Locking <= 4.9.8 - Unauthenticated Stored Cross-Site Scripting via X-Forwarded-For Header | ays-pro | Secure Copy Content Protection and Content Locking | High | 7.2 | 2026-02-12 13:25:34 | Deep Dive |
| CVE-2026-1268 | Dynamic Widget Content <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Content Field | brechtvds | Dynamic Widget Content | Medium | 6.4 | 2026-02-05 06:47:43 | Deep Dive |
| CVE-2026-0743 | WP Content Permission <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ohmem-message' Parameter | orenhav | WP Content Permission | Medium | 4.4 | 2026-02-04 08:25:33 | Deep Dive |
| CVE-2025-7714 | Time Based SQLi in Global Medya's PHP CMS | Global Interactive Design Media Software Inc. | Content Management System (CMS) | High | 7.5 | 2026-01-29 14:44:12 | Deep Dive |
| CVE-2025-7713 | Reflected XSS in Global Medya's PHP CMS | Global Interactive Design Media Software Inc. | Content Management System (CMS) | High | 7.5 | 2026-01-29 14:38:41 | Deep Dive |
| CVE-2025-14472 | Acquia Content Hub - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-125 | Drupal | Acquia Content Hub | - | - | 2026-01-28 20:03:09 | Deep Dive |
| CVE-2025-14865 | Passster – Password Protect Pages and Content <= 4.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | wpchill | Passster – Password Protect Pages and Content | Medium | 6.4 | 2026-01-28 12:28:37 | Deep Dive |
| CVE-2026-24572 | WordPress Nelio Content plugin <= 4.2.0 - SQL Injection vulnerability | Nelio Software | Nelio Content | High | 8.5 | 2026-01-23 14:28:57 | Deep Dive |
| CVE-2026-22347 | WordPress Carousel Horizontal Posts Content Slider plugin <= 3.3.2 - Cross Site Scripting (XSS) vulnerability | subhansanjaya | Carousel Horizontal Posts Content Slider | - | - | 2026-01-22 16:52:34 | Deep Dive |
| CVE-2025-69055 | WordPress BM Content Builder plugin < 3.16.3.3 - Arbitrary File Download vulnerability | SeaTheme | BM Content Builder | - | - | 2026-01-22 16:52:21 | Deep Dive |
| CVE-2025-63019 | WordPress Cookies and Content Security Policy plugin <= 2.34 - Sensitive Data Exposure vulnerability | Johan Jonk Stenström | Cookies and Content Security Policy | Medium | 5.3 | 2026-01-22 16:51:48 | Deep Dive |
| CVE-2025-14844 | Membership Plugin – Restrict Content <= 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure | stellarwp | Membership Plugin – Restrict Content | High | 8.2 | 2026-01-16 09:23:47 | Deep Dive |