| CVE-2026-24594 | WordPress Livemesh Addons for WPBakery Page Builder plugin <= 3.9.4 - Cross Site Scripting (XSS) vulnerability | livemesh | Livemesh Addons for WPBakery Page Builder | Medium | 5.9 | 2026-01-23 14:29:02 | Deep Dive |
| CVE-2025-68896 | WordPress WDV One Page Docs plugin <= 1.2.4 - Broken Access Control vulnerability | vrpr | WDV One Page Docs | - | - | 2026-01-22 16:52:12 | Deep Dive |
| CVE-2025-14001 | WP Duplicate Page <= 1.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication | ninjateam | WP Duplicate Page | Medium | 5.4 | 2026-01-13 11:21:20 | Deep Dive |
| CVE-2025-14172 | WP Page Permalink Extension <= 1.5.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Rewrite Rules Flush | infosatech | WP Page Permalink Extension | Medium | 6.5 | 2026-01-09 11:15:35 | Deep Dive |
| CVE-2026-22490 | WordPress Bulk Landing Page Creator for WordPress LPagery plugin <= 2.4.9 - Broken Access Control vulnerability | niklaslindemann | Bulk Landing Page Creator for WordPress LPagery | Medium | 5.4 | 2026-01-08 16:24:38 | Deep Dive |
| CVE-2025-15000 | Page Keys <= 1.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'page_key' Parameter | tfrommen | Page Keys | Medium | 4.4 | 2026-01-07 08:21:50 | Deep Dive |
| CVE-2025-30631 | WordPress Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) <= 1.2 - Cross Site Scripting (XSS) Vulnerability | AA-Team | Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) | High | 7.1 | 2026-01-06 20:30:34 | Deep Dive |
| CVE-2025-29004 | WordPress Responsive Coming Soon Landing Page / Holding Page for WordPress plugin <= 3.0 - Privilege Escalation Vulnerability | AA-Team | Responsive Coming Soon Landing Page / Holding Page for WordPress | High | 8.8 | 2026-01-06 20:25:59 | Deep Dive |
| CVE-2025-69345 | WordPress Post and Page Builder by BoldGrid plugin <= 1.27.9 - Broken Access Control vulnerability | BoldGrid | Post and Page Builder by BoldGrid | Medium | 4.3 | 2026-01-06 16:36:39 | Deep Dive |
| CVE-2025-14441 | Popupkit <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Subscriber Data Deletion | roxnor | Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers | Medium | 4.3 | 2026-01-06 04:31:56 | Deep Dive |
| CVE-2025-14153 | Page Expire Popup/Redirection for WordPress <= 1.0 - Authenticated (Author+) SQL Injection via 'id' Shortcode Attribute | vikasratudi | Page Expire Popup/Redirection for WordPress | Medium | 6.5 | 2026-01-06 03:21:40 | Deep Dive |
| CVE-2024-23511 | WordPress The Plus Addons for Elementor plugin <= 5.3.3 - Cross Site Scripting (XSS) vulnerability | POSIMYTH | The Plus Addons for Elementor Page Builder Lite | Medium | 6.5 | 2026-01-05 13:33:58 | Deep Dive |
| CVE-2025-14998 | Branda – White Label & Branding, Free Login Page Customizer <= 3.4.24 - Unauthenticated Privilege Escalation via Account Takeover | wpmudev | Branda – White Label & Branding, Free Login Page Customizer | Critical | 9.8 | 2026-01-02 01:48:20 | Deep Dive |
| CVE-2025-30628 | WordPress Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) plugin <= 1.2 - SQL Injection Vulnerability | AA-Team | Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) | High | 8.5 | 2025-12-31 20:03:50 | Deep Dive |
| CVE-2025-63022 | WordPress Simple Like Page plugin <= 1.5.3 - Broken Access Control vulnerability | topdevs.net | Simple Like Page | Medium | 5.3 | 2025-12-31 15:06:38 | Deep Dive |
| CVE-2025-62744 | WordPress Page Title Splitter plugin <= 2.5.9 - Cross Site Scripting (XSS) vulnerability | Chris Steman | Page Title Splitter | Medium | 6.5 | 2025-12-31 12:49:48 | Deep Dive |
| CVE-2025-68885 | WordPress Custom Post Status plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | page-carbajal | Custom Post Status | High | 7.1 | 2025-12-31 05:34:27 | Deep Dive |
| CVE-2025-23554 | WordPress Off Page SEO plugin <= 3.0.3 - Reflected Cross Site Scripting (XSS) vulnerability | Jakub Glos | Off Page SEO | High | 7.1 | 2025-12-29 23:51:33 | Deep Dive |
| CVE-2025-68598 | WordPress Page Builder: Live Composer plugin <= 2.1.13 - Cross Site Scripting (XSS) vulnerability | LiveComposer | Page Builder: Live Composer | Medium | 6.5 | 2025-12-24 13:10:46 | Deep Dive |
| CVE-2025-68581 | WordPress YITH Slider for page builders plugin <= 1.0.11 - Broken Access Control vulnerability | YITHEMES | YITH Slider for page builders | Medium | 5.4 | 2025-12-24 13:10:41 | Deep Dive |