| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-12934 | Beaver Builder – WordPress Page Builder <= 2.9.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update | beaverbuilder | Beaver Builder Page Builder – Drag and Drop Website Builder | High | 8.1 | 2025-12-23 09:20:02 | Deep Dive |
| CVE-2025-62094 | WordPress Void Elementor WHMCS Elements For Elementor Page Builder plugin <= 2.0.1.2 - Cross Site Scripting (XSS) vulnerability | voidthemes | Void Elementor WHMCS Elements For Elementor Page Builder | Medium | 6.5 | 2025-12-22 09:47:18 | Deep Dive |
| CVE-2025-62107 | WordPress Feather Login Page plugin <= 1.1.7 - Cross Site Request Forgery (CSRF) vulnerability | PluginOps | Feather Login Page | Medium | 4.3 | 2025-12-22 09:32:48 | Deep Dive |
| CVE-2025-14054 | WC Builder <= 1.2.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'heading_color' Shortcode Attribute | hasthemes | WC Builder – WooCommerce Page Builder for WPBakery | Medium | 4.4 | 2025-12-21 02:20:32 | Deep Dive |
| CVE-2025-11747 | Colibri Page Builder <= 1.0.345 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | extendthemes | Colibri Page Builder | Medium | 6.4 | 2025-12-19 08:23:41 | Deep Dive |
| CVE-2025-14437 | Hummingbird <= 3.18.0 - Unauthenticated Sensitive Information Exposure via Log File | wpmudev | Hummingbird Performance – Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript | CDN | High | 7.5 | 2025-12-18 12:22:27 | Deep Dive |
| CVE-2025-49902 | WordPress Login Page Customizer – Customizer Login Page, Admin Page, Custom Design plugin <= 2.1.1 - Broken Access Control vulnerability | A WP Life | Login Page Customizer – Customizer Login Page, Admin Page, Custom Design | Medium | 6.5 | 2025-12-18 07:21:44 | Deep Dive |
| CVE-2025-11369 | Essential Blocks <= 5.7.2 - Missing Authorization To Authenticated (Author+) Information Disclosure | wpdevteam | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | Medium | 4.3 | 2025-12-17 01:48:52 | Deep Dive |
| CVE-2025-11220 | Elementor <= 3.33.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Text Path | elemntor | Elementor Website Builder – more than just a page builder | Medium | 6.4 | 2025-12-16 11:15:44 | Deep Dive |
| CVE-2025-54005 | WordPress SKT Page Builder plugin <= 4.9 - Broken Access Control vulnerability | sonalsinha21 | SKT Page Builder | Medium | 4.3 | 2025-12-16 08:12:46 | Deep Dive |
| CVE-2025-0969 | Brizy – Page Builder <= 2.7.16 - Authenticated (Contributor+) Sensitive Information Exposure via get_users Function | themefusecom | Brizy – Page Builder | Medium | 6.5 | 2025-12-13 08:21:14 | Deep Dive |
| CVE-2025-14475 | Extensive VC Addons for WPBakery page builder <= 1.9.1 - Unauthenticated Local File Inclusion via 'shortcode_name' Parameter | nenad-obradovic | Extensive VC Addons for WPBakery page builder | High | 8.1 | 2025-12-13 04:31:25 | Deep Dive |
| CVE-2025-11376 | Colibri Page Builder <= 1.0.335 - Authenticated (Contributor+) Stored Cross-Site Scripting | extendthemes | Colibri Page Builder | Medium | 6.4 | 2025-12-13 04:31:24 | Deep Dive |
| CVE-2025-14119 | App Landing Template Blocks for WPBakery Page Builder <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | themebon | App Landing Template Blocks for WPBakery (Visual Composer) Page Builder | Medium | 6.4 | 2025-12-12 03:20:46 | Deep Dive |
| CVE-2025-63034 | WordPress Page View Count plugin <= 2.9.0 - Settings Change vulnerability | Steve Truman | Page View Count | Medium | 5.4 | 2025-12-09 14:52:30 | Deep Dive |
| CVE-2025-66528 | WordPress Thank You Page Customizer for WooCommerce plugin <= 1.1.8 - Broken Access Control vulnerability | VillaTheme | Thank You Page Customizer for WooCommerce | Medium | 4.3 | 2025-12-09 14:13:53 | Deep Dive |
| CVE-2025-12558 | Beaver Builder – WordPress Page Builder <= 2.9.4 - Authenticated (Contributor+) Sensitive Information Exposure | beaverbuilder | Beaver Builder Page Builder – Drag and Drop Website Builder | Medium | 4.3 | 2025-12-09 13:51:07 | Deep Dive |
| CVE-2025-13377 | 10Web Booster <= 2.32.7 - Authenticated (Subscriber+) Arbitrary Folder Deletion via two_clear_page_cache | 10web | 10Web Booster – Website speed optimization, Cache & Page Speed optimizer | Critical | 9.6 | 2025-12-06 06:39:09 | Deep Dive |
| CVE-2025-13629 | WP Landing Page <= 0.9.3 - Cross-Site Request Forgery to Arbitrary Post Meta Update | xbenx | WP Landing Page | Medium | 4.3 | 2025-12-06 05:49:26 | Deep Dive |
| CVE-2025-12128 | Hide Categories Or Products On Shop Page <= 1.0.7 - Cross-Site Request Forgery to Settings Update | kaushikankrani | Hide Categories Or Products On Shop Page | Medium | 4.3 | 2025-12-05 05:31:28 | Deep Dive |