| CVE-2025-14434 | Ultimate Post Kit < 4.0.16 – Unauthenticated Arbitrary Post Content Disclosure | Unknown | Ultimate Post Kit Addons for Elementor | Medium | - | 2025-12-31 06:00:11 | Deep Dive |
| CVE-2025-68885 | WordPress Custom Post Status plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | page-carbajal | Custom Post Status | High | 7.1 | 2025-12-31 05:34:27 | Deep Dive |
| CVE-2025-14913 | Frontend Post Submission Manager Lite <= 1.2.6 - Incorrect Authorization to Unauthenticated Arbitrary Attachment Deletion | wpshuffle | Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin | Medium | 5.3 | 2025-12-25 23:20:03 | Deep Dive |
| CVE-2025-68605 | WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.23 - Cross Site Scripting (XSS) vulnerability | PickPlugins | Post Grid and Gutenberg Blocks | Medium | 6.5 | 2025-12-24 13:10:48 | Deep Dive |
| CVE-2025-67622 | WordPress Evergreen Post Tweeter plugin <= 1.8.9 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | titopandub | Evergreen Post Tweeter | High | 7.1 | 2025-12-24 13:10:21 | Deep Dive |
| CVE-2025-12980 | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX <= 5.0.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure | wpxpo | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX | High | 7.5 | 2025-12-21 02:20:33 | Deep Dive |
| CVE-2025-14080 | Frontend Post Submission Manager Lite <= 1.2.5 - Missing Authorization to Unauthenticated Arbitrary Post Modification | wpshuffle | Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin | Medium | 5.3 | 2025-12-21 02:20:31 | Deep Dive |
| CVE-2025-63043 | WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.23 - Insecure Direct Object References (IDOR) vulnerability | PickPlugins | Post Grid and Gutenberg Blocks | Medium | 5.3 | 2025-12-18 16:45:08 | Deep Dive |
| CVE-2025-66058 | WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.17 - Broken Access Control vulnerability | PickPlugins | Post Grid and Gutenberg Blocks | Medium | 6.5 | 2025-12-18 16:15:15 | Deep Dive |
| CVE-2025-64258 | WordPress Follow My Blog Post plugin <= 2.3.9 - Sensitive Data Exposure vulnerability | wpweb | Follow My Blog Post | - | - | 2025-12-18 07:22:14 | Deep Dive |
| CVE-2025-13741 | Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.2 - Missing Authorization to Authenticated (Contributor+) Authors' Emails Exposure | publishpress | Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories | Medium | 4.3 | 2025-12-16 11:15:45 | Deep Dive |
| CVE-2025-13794 | Auto Featured Image <= 4.2.1 - Missing Authorization to Authenticated (Contributor+) Post Thumbnail Modification | themeisle | Auto Featured Image (Auto Post Thumbnail) | Medium | 4.3 | 2025-12-16 05:25:20 | Deep Dive |
| CVE-2025-14056 | Custom Post Type UI <= 1.18.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'label' Import Parameter | webdevstudios | Custom Post Type UI | Medium | 4.4 | 2025-12-13 03:20:26 | Deep Dive |
| CVE-2025-12348 | Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Action Scheduler Task Execution | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 5.3 | 2025-12-12 09:20:29 | Deep Dive |
| CVE-2025-12650 | Simple post listing <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | sgcoskey | Simple post listing | Medium | 6.4 | 2025-12-12 03:21:00 | Deep Dive |
| CVE-2025-11467 | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 5.1.1 - Unauthenticated Blind Server-Side Request Forgery | themeisle | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | Medium | 5.8 | 2025-12-11 01:55:32 | Deep Dive |
| CVE-2025-62996 | WordPress Custom Layouts – Post + Product grids made easy plugin <= 1.4.12 - Broken Access Control vulnerability | Code Amp | Custom Layouts – Post + Product grids made easy | - | - | 2025-12-09 14:52:26 | Deep Dive |
| CVE-2025-62865 | WordPress Post Cloner plugin <= 1.0.0 - Broken Access Control vulnerability | Evan Herman | Post Cloner | - | - | 2025-12-09 14:52:24 | Deep Dive |
| CVE-2025-67563 | WordPress Post SMTP plugin <= 3.6.1 - Broken Access Control vulnerability | Saad Iqbal | Post SMTP | Medium | 5.3 | 2025-12-09 14:14:11 | Deep Dive |
| CVE-2025-67533 | WordPress Themify Portfolio Post plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability | themifyme | Themify Portfolio Post | High | 7.1 | 2025-12-09 14:14:03 | Deep Dive |