| CVE-2022-40963 | WordPress WP Page Builder plugin <= 1.2.6 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities | Themeum | WP Page Builder (WordPress plugin) | Medium | 4.8 | 2022-11-18 22:19:45 | Deep Dive |
| CVE-2022-41839 | WordPress LoginPress plugin <= 1.6.2 - Broken Access Control vulnerability | WPBrigade | LoginPress | Custom Login Page Customizer (WordPress plugin) | Medium | 5.3 | 2022-11-18 21:47:53 | Deep Dive |
| CVE-2022-32587 | WordPress WP Page Widget plugin <= 3.9 - Cross-Site Request Forgery (CSRF) vulnerability | CodeAndMore | WP Page Widget (WordPress plugin) | Medium | 5.4 | 2022-11-08 18:37:29 | Deep Dive |
| CVE-2022-40131 | WordPress Page View Count plugin <= 2.5.5 - Cross-Site Request Forgery (CSRF) vulnerability | a3rev Software | Page View Count (WordPress plugin) | Medium | 5.4 | 2022-11-03 19:26:22 | Deep Dive |
| CVE-2021-36899 | WordPress Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability | Gabe Livan | Asset CleanUp: Page Speed Booster (WordPress plugin) | Medium | 4.8 | 2022-10-11 17:02:10 | Deep Dive |
| CVE-2022-36798 | WordPress Mega Addons For WPBakery Page Builder plugin <= 4.2.7 - Cross-Site Request Forgery (CSRF) vulnerability | Topdigitaltrends | Mega Addons For WPBakery Page Builder (WordPress plugin) | Medium | 5.4 | 2022-09-23 13:40:26 | Deep Dive |
| CVE-2022-2716 | Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Text Editor | justinbusa | Beaver Builder – WordPress Page Builder | Medium | 6.4 | 2022-09-06 17:19:00 | Deep Dive |
| CVE-2022-2934 | Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Image URL | justinbusa | Beaver Builder – WordPress Page Builder | Medium | 6.4 | 2022-09-06 17:19:00 | Deep Dive |
| CVE-2022-2695 | Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via 'caption' | justinbusa | Beaver Builder – WordPress Page Builder | Medium | 6.4 | 2022-09-06 17:18:59 | Deep Dive |
| CVE-2022-2516 | Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Title' | visualcomposer | Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages | Medium | 6.4 | 2022-09-06 17:18:58 | Deep Dive |
| CVE-2022-2517 | Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Caption - On Hover | justinbusa | Beaver Builder – WordPress Page Builder | Medium | 6.4 | 2022-09-06 17:18:58 | Deep Dive |
| CVE-2022-2430 | Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Text Block' | visualcomposer | Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages | Medium | 6.4 | 2022-09-06 17:18:56 | Deep Dive |
| CVE-2022-36425 | WordPress Beaver Builder plugin <= 2.5.4.3 - Broken Access Control vulnerability | The Beaver Builder Team | Beaver Builder – WordPress Page Builder (WordPress plugin) | Medium | 5.4 | 2022-09-06 17:18:55 | Deep Dive |
| CVE-2022-2152 | Duplicate Page and Post Plugin < 2.8 - Admin+ Stored Cross-Site Scripting | Unknown | Duplicate Page and Post | 中危 | - | 2022-08-15 08:36:07 | Deep Dive |
| CVE-2022-2341 | Simple Page Transition <= 1.4.1 - Admin+ Stored Cross-Site Scripting | Unknown | Simple Page Transition | 中危 | - | 2022-07-25 12:48:36 | Deep Dive |
| CVE-2022-2437 | Feed Them Social – for Twitter feed, Youtube and more <= 2.9.8.5 - Unauthenticated PHAR Deserialization | slickremix | Feed Them Social – Social Media Feeds, Video, and Photo Galleries | Critical | 9.8 | 2022-07-18 16:13:40 | Deep Dive |
| CVE-2022-2169 | Loading Page with Loading Screen < 1.0.83 - Admin+ Stored Cross-Site Scripting | Unknown | Loading Page with Loading Screen | 中危 | - | 2022-07-17 10:36:52 | Deep Dive |
| CVE-2022-2100 | Page Generator Plugin < 1.6.5 - Admin+ Stored Cross-Site Scripting | Unknown | Page Generator | 中危 | - | 2022-07-17 10:35:58 | Deep Dive |
| CVE-2022-2093 | WP Duplicate Page < 1.3 - Admin+ Stored Cross Site Scripting | Unknown | WP Duplicate Page | 中危 | - | 2022-07-11 12:57:32 | Deep Dive |
| CVE-2022-2089 | Bold Page Builder < 4.3.3 - Admin+ Stored Cross-Site Scripting | Unknown | Bold Page Builder | 中危 | - | 2022-07-11 12:57:15 | Deep Dive |