| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-13537 | Live Composer – Free WordPress Website Builder <= 2.0.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | livecomposer | Live Composer – Free WordPress Website Builder | Medium | 6.4 | 2025-12-17 18:21:35 | Deep Dive |
| CVE-2025-11220 | Elementor <= 3.33.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Text Path | elemntor | Elementor Website Builder – more than just a page builder | Medium | 6.4 | 2025-12-16 11:15:44 | Deep Dive |
| CVE-2025-11693 | Export WP Page to Static HTML & PDF <= 4.3.4 - Unauthenticated Cookie Exposure via Log File | recorp | Export WordPress Pages to Static HTML & PDF — Static Site Export | Critical | 9.8 | 2025-12-13 04:31:34 | Deep Dive |
| CVE-2025-14467 | WP Job Portal <= 2.4.4 - Authenticated (Editor+) Stored Cross-Site Scripting via Job Description Field | wpjobportal | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | Medium | 4.4 | 2025-12-12 03:20:39 | Deep Dive |
| CVE-2025-14293 | WP Job Portal <= 2.4.0 - Authenticated (Subscriber+) Arbitrary File Read | wpjobportal | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | Medium | 6.5 | 2025-12-11 20:22:09 | Deep Dive |
| CVE-2025-67588 | WordPress Elementor Website Builder plugin <= 3.33.0 - Broken Access Control vulnerability | Elementor | Elementor Website Builder | Medium | 4.3 | 2025-12-09 14:14:17 | Deep Dive |
| CVE-2025-12558 | Beaver Builder – WordPress Page Builder <= 2.9.4 - Authenticated (Contributor+) Sensitive Information Exposure | beaverbuilder | Beaver Builder Page Builder – Drag and Drop Website Builder | Medium | 4.3 | 2025-12-09 13:51:07 | Deep Dive |
| CVE-2025-13377 | 10Web Booster <= 2.32.7 - Authenticated (Subscriber+) Arbitrary Folder Deletion via two_clear_page_cache | 10web | 10Web Booster – Website speed optimization, Cache & Page Speed optimizer | Critical | 9.6 | 2025-12-06 06:39:09 | Deep Dive |
| CVE-2025-13528 | Feedback Modal for Website <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Feedback Data Exfiltration via 'export_data' Parameter | nedwp | Feedback Modal for Website | Medium | 5.3 | 2025-12-05 05:31:30 | Deep Dive |
| CVE-2025-12782 | Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Builder Status Tampering | beaverbuilder | Beaver Builder Page Builder – Drag and Drop Website Builder | Medium | 4.3 | 2025-12-04 06:48:40 | Deep Dive |
| CVE-2025-11726 | Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Global Preset Modification | beaverbuilder | Beaver Builder Page Builder – Drag and Drop Website Builder | Medium | 4.3 | 2025-12-02 07:24:31 | Deep Dive |
| CVE-2025-13793 | winston-dsouza Ecommerce-Website GET Parameter header_menu.php cross site scripting | winston-dsouza | Ecommerce-Website | Medium | 4.3 | 2025-11-30 17:02:06 | Deep Dive |
| CVE-2025-13561 | SourceCodester Company Website CMS index.php sql injection | SourceCodester | Company Website CMS | High | 7.3 | 2025-11-23 17:32:06 | Deep Dive |
| CVE-2025-13560 | SourceCodester Company Website CMS reset-password.php sql injection | SourceCodester | Company Website CMS | High | 7.3 | 2025-11-23 17:02:06 | Deep Dive |
| CVE-2025-5092 | Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library | lightgalleryteam | LightGallery WP | Medium | 6.4 | 2025-11-20 06:38:42 | Deep Dive |
| CVE-2025-12484 | Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers <= 1.12.19 - Unauthenticated Stored Cross-Site Scripting | smub | Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers | High | 7.2 | 2025-11-19 07:46:07 | Deep Dive |
| CVE-2025-13275 | Iqbolshoh php-business-website about.php unrestricted upload | Iqbolshoh | php-business-website | Medium | 4.7 | 2025-11-17 10:32:05 | Deep Dive |
| CVE-2025-12366 | Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.5 - Authenticated (Author+) Insecure Direct Object Reference | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 4.3 | 2025-11-13 03:27:37 | Deep Dive |
| CVE-2025-11162 | Spectra <= 2.19.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom CSS | brainstormforce | Spectra Gutenberg Blocks – Website Builder for the Block Editor | Medium | 6.4 | 2025-11-05 04:36:58 | Deep Dive |
| CVE-2025-12335 | code-projects E-Commerce Website supplier_update.php cross site scripting | code-projects | E-Commerce Website | Medium | 4.3 | 2025-10-27 23:32:06 | Deep Dive |