| CVE-2026-1003 | GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools <= 4.3.0 - Missing Authorization to Authenticated (Author+) Arbitrary Post Deletion | roxnor | GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools | Medium | 4.3 | 2026-01-16 07:23:09 | Deep Dive |
| CVE-2025-15266 | GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting | ahmadgb | GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation | High | 7.2 | 2026-01-14 05:28:11 | Deep Dive |
| CVE-2025-14976 | User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.4 | 2026-01-10 08:22:57 | Deep Dive |
| CVE-2026-0567 | code-projects Content Management System pages.php sql injection | code-projects | Content Management System | High | 7.3 | 2026-01-02 17:32:06 | Deep Dive |
| CVE-2026-0566 | code-projects Content Management System edit_posts.php unrestricted upload | code-projects | Content Management System | Medium | 4.7 | 2026-01-02 16:32:05 | Deep Dive |
| CVE-2026-0565 | code-projects Content Management System delete.php sql injection | code-projects | Content Management System | High | 7.3 | 2026-01-02 14:02:07 | Deep Dive |
| CVE-2026-0546 | code-projects Content Management System search.php sql injection | code-projects | Content Management System | High | 7.3 | 2026-01-02 09:02:07 | Deep Dive |
| CVE-2025-62154 | WordPress AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One plugin <= 1.1.7 - Broken Access Control vulnerability | recorp | AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One | Medium | 4.3 | 2025-12-31 15:41:51 | Deep Dive |
| CVE-2025-49358 | WordPress Content Fetcher plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability | Ruhul Amin | Content Fetcher | Medium | 6.5 | 2025-12-31 12:01:16 | Deep Dive |
| CVE-2025-62749 | WordPress User Specific Content plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability | Bainternet | User Specific Content | Medium | 6.5 | 2025-12-31 11:59:32 | Deep Dive |
| CVE-2025-15197 | code-projects/anirbandutta9 Content Management System/News-Buzz editposts.php unrestricted upload | code-projects | Content Management System | Medium | 4.7 | 2025-12-29 17:02:06 | Deep Dive |
| CVE-2025-68879 | WordPress Content Grid Slider plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability | councilsoft | Content Grid Slider | High | 7.1 | 2025-12-29 15:58:58 | Deep Dive |
| CVE-2025-14000 | Membership Plugin – Restrict Content <= 3.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes | stellarwp | Membership Plugin – Restrict Content | Medium | 6.4 | 2025-12-23 11:13:49 | Deep Dive |
| CVE-2025-13220 | Ultimate Member <= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 6.4 | 2025-12-21 03:20:06 | Deep Dive |
| CVE-2025-12492 | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.11.0 - Unauthenticated Sensitive Information Exposure | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 5.3 | 2025-12-20 08:22:10 | Deep Dive |
| CVE-2025-14081 | Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Profile Privacy Setting Bypass | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 4.3 | 2025-12-17 18:21:36 | Deep Dive |
| CVE-2025-13217 | Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'value' | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 6.4 | 2025-12-17 18:21:35 | Deep Dive |
| CVE-2025-68082 | WordPress Semrush Content Toolkit plugin <= 1.1.32 - Cross Site Request Forgery (CSRF) vulnerability | SEMrush CY LTD | Semrush Content Toolkit | Medium | 5.4 | 2025-12-16 08:13:05 | Deep Dive |
| CVE-2025-14731 | CTCMS Content Management System Frontend/Template Management CT_Parser.php special elements used in a template engine | CTCMS | Content Management System | Medium | 6.3 | 2025-12-15 23:32:09 | Deep Dive |
| CVE-2025-14730 | CTCMS Content Management System Backend System Configuration Ct_Config.php code injection | CTCMS | Content Management System | Medium | 4.7 | 2025-12-15 23:02:10 | Deep Dive |