| CVE-2025-14729 | CTCMS Content Management System Backend App Configuration Ct_App.php save code injection | CTCMS | Content Management System | Medium | 4.7 | 2025-12-15 23:02:07 | Deep Dive |
| CVE-2025-13367 | User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.4 | 2025-12-15 14:25:10 | Deep Dive |
| CVE-2025-11970 | Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking \| SEO Optimized \| Fully Automated <= 1.0.9 - Authenticated (Admin+) Server-Side Request Forgery | emplibot | Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking \| SEO Optimized \| Fully Automated | Medium | 4.4 | 2025-12-13 04:31:20 | Deep Dive |
| CVE-2025-14159 | Secure Copy Content Protection and Content Locking <= 4.9.2 - Cross-Site Request Forgery to Data Export | ays-pro | Secure Copy Content Protection and Content Locking | Medium | 4.3 | 2025-12-12 11:15:50 | Deep Dive |
| CVE-2025-14442 | Secure Copy Content Protection and Content Locking <= 4.9.2 - Unauthenticated Sensitive Information Exposure via Exposed CSV Export File | ays-pro | Secure Copy Content Protection and Content Locking | Medium | 5.3 | 2025-12-12 11:15:49 | Deep Dive |
| CVE-2025-13642 | ProfilePress <= 4.16.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 5.4 | 2025-12-09 15:23:48 | Deep Dive |
| CVE-2025-59132 | WordPress Duplicate Content Cure plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability | Badi Jones | Duplicate Content Cure | - | - | 2025-12-09 14:52:19 | Deep Dive |
| CVE-2025-42877 | Memory Corruption vulnerability in SAP Web Dispatcher, Internet Communication Manager and SAP Content Server | SAP_SE | SAP Web Dispatcher, Internet Communication Manager and SAP Content Server | High | 7.5 | 2025-12-09 02:14:51 | Deep Dive |
| CVE-2025-12189 | Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents <= 7.11.1374 - Cross-Site Request Forgery to Arbitrary File Upload | breadbutter | Bread & Butter: AI-Powered Lead Intelligence | Medium | 4.3 | 2025-12-05 05:31:28 | Deep Dive |
| CVE-2025-12585 | MxChat – AI Chatbot for WordPress <= 2.5.5 - Unauthenticated Information Exposure | mxchat | MxChat – AI Chatbot & Content Generation for WordPress | Medium | 5.3 | 2025-12-03 03:27:15 | Deep Dive |
| CVE-2025-13381 | AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Missing Authorization to Unauthenticated Media File Uploads | ays-pro | AI ChatBot with ChatGPT and Content Generator by AYS | Medium | 5.3 | 2025-11-27 09:27:50 | Deep Dive |
| CVE-2025-13378 | AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter | ays-pro | AI ChatBot with ChatGPT and Content Generator by AYS | Medium | 6.5 | 2025-11-27 09:27:48 | Deep Dive |
| CVE-2025-13380 | AI Engine for WordPress: ChatGPT, GPT Content Generator <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read | liquidthemes | AI Engine for WordPress: ChatGPT, GPT Content Generator | Medium | 6.5 | 2025-11-25 07:28:25 | Deep Dive |
| CVE-2025-12525 | Locker Content <= 1.0.0 - Unauthenticated Information Exposure | appglut | Locker Content | Medium | 5.3 | 2025-11-25 07:28:22 | Deep Dive |
| CVE-2025-12973 | S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator <= 1.7.8 - Authenticated (Editor+) Arbitrary File Upload | oc3dots | S2B AI Assistant – ChatBot, AI Agents, ChatGPT API, Image Generator | High | 7.2 | 2025-11-21 16:28:14 | Deep Dive |
| CVE-2025-64263 | WordPress WP Content Pilot plugin <= 2.1.7 - Broken Access Control vulnerability | PluginEver | WP Content Pilot | Medium | 5.4 | 2025-11-13 09:24:28 | Deep Dive |
| CVE-2025-11769 | WordPress Content Flipper <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | aumsrini | WordPress Content Flipper | Medium | 6.4 | 2025-11-13 08:27:48 | Deep Dive |
| CVE-2025-11454 | Specific Content For Mobile – Customize the mobile version without redirections <= 0.5.5 - Authenticated (Contributor+) SQL Injection | giuse | Specific Content For Mobile – Customize the mobile version without redirections | Medium | 6.5 | 2025-11-12 11:05:39 | Deep Dive |
| CVE-2025-62039 | WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.6.6 - Sensitive Data Exposure vulnerability | Ays Pro | AI ChatBot with ChatGPT and Content Generator by AYS | Medium | - | 2025-11-06 15:55:37 | Deep Dive |
| CVE-2025-60198 | WordPress Saxon - Viral Content Blog & Magazine Marketing WordPress Theme theme <= 1.9.3 - Local File Inclusion vulnerability | dedalx | Saxon - Viral Content Blog & Magazine Marketing WordPress Theme | Medium | - | 2025-11-06 15:54:56 | Deep Dive |