| CVE-2025-11833 | Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Critical | 9.8 | 2025-11-01 03:34:36 | Deep Dive |
| CVE-2025-62943 | WordPress Next Page, Not Next Post plugin <= 0.3.0 - Cross Site Scripting (XSS) vulnerability | Matt McInvale | Next Page, Not Next Post | Medium | 6.5 | 2025-10-27 01:34:06 | Deep Dive |
| CVE-2025-62937 | WordPress Post List Featured Image plugin <= 0.5.9 - Cross Site Scripting (XSS) vulnerability | Johnny | Post List Featured Image | Medium | 6.5 | 2025-10-27 01:34:04 | Deep Dive |
| CVE-2025-62924 | WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.17 - Broken Access Control vulnerability | PickPlugins | Post Grid and Gutenberg Blocks | Medium | 6.5 | 2025-10-27 01:33:59 | Deep Dive |
| CVE-2025-62907 | WordPress Custom Post Type Attachment plugin <= 3.4.6 - Cross Site Scripting (XSS) vulnerability | aviplugins.com | Custom Post Type Attachment | Medium | 6.5 | 2025-10-27 01:33:53 | Deep Dive |
| CVE-2025-11128 | Feedzy RSS Feeds Lite <= 5.1.0 - Authenticated (Subscriber+) Server-Side Request Forgery | themeisle | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | Medium | 5.0 | 2025-10-23 12:32:33 | Deep Dive |
| CVE-2025-62062 | WordPress Easy Post Submission plugin <= 1.7.0 - Sensitive Data Exposure vulnerability | ThemeRuby | Easy Post Submission | Medium | 5.5 | 2025-10-22 14:32:53 | Deep Dive |
| CVE-2025-62042 | WordPress Event post plugin <= 5.10.3 - Cross Site Scripting (XSS) vulnerability | Bastien Ho | Event post | - | - | 2025-10-22 14:32:51 | Deep Dive |
| CVE-2025-52741 | WordPress Post Connector Plugin <= 1.0.11 - Cross Site Scripting (XSS) Vulnerability | Barry Kooij | Post Connector | - | - | 2025-10-22 14:32:24 | Deep Dive |
| CVE-2025-49937 | WordPress Smash Balloon Social Post Feed plugin <= 4.3.2 - Broken Access Control vulnerability | Syed Balkhi | Smash Balloon Social Post Feed | Medium | 4.3 | 2025-10-22 14:32:17 | Deep Dive |
| CVE-2025-10191 | Big Post Shipping for WooCommerce <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | fusedsoftware | Big Post Shipping for WooCommerce | Medium | 6.4 | 2025-09-30 03:35:29 | Deep Dive |
| CVE-2025-9762 | Post By Email <= 1.0.4b - Unauthenticated Arbitrary File Upload via Email Attachments | westi | Post By Email | Critical | 9.8 | 2025-09-30 03:35:28 | Deep Dive |
| CVE-2025-60137 | WordPress Post Featured Video Plugin <= 1.7 - Cross Site Request Forgery (CSRF) Vulnerability | Galaxy Weblinks | Post Featured Video | Medium | 4.3 | 2025-09-26 08:31:44 | Deep Dive |
| CVE-2025-60116 | WordPress Grand Conference Theme Custom Post Type plugin < 2.6.4 - Broken Access Control vulnerability | ThemeGoods | Grand Conference Theme Custom Post Type | Medium | 5.4 | 2025-09-26 08:31:34 | Deep Dive |
| CVE-2025-57955 | WordPress Post Carousel Slider for Elementor Plugin <= 1.7.0 - Broken Access Control Vulnerability | Plugin Devs | Post Carousel Slider for Elementor | Medium | 6.5 | 2025-09-22 18:24:48 | Deep Dive |
| CVE-2025-58255 | WordPress Custom Post Type Images Plugin <= 0.5 - Cross Site Request Forgery (CSRF) Vulnerability | yonisink | Custom Post Type Images | Critical | 9.6 | 2025-09-22 18:23:26 | Deep Dive |
| CVE-2025-8481 | Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid <= 1.1.7 - Cross-Site Request Forgery | mdimran41 | Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid | Medium | 4.3 | 2025-09-11 07:24:58 | Deep Dive |
| CVE-2025-6189 | Duplicate Page and Post <= 2.9.5 - Authenticated (Contributor+) SQL Injection via meta_key Parameter | arjunthakur | Duplicate Page and Post | Medium | 6.5 | 2025-09-10 06:38:46 | Deep Dive |
| CVE-2025-8722 | Content Views <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Grid and List Widgets | pt-guy | Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor) | Medium | 6.4 | 2025-09-06 03:22:35 | Deep Dive |
| CVE-2025-6067 | Easy Social Feed – Social Photos Gallery – Post Feed – Like Box <= 6.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | sjaved | Easy Social Feed – Social Photos Gallery and Post Feed for WordPress | Medium | 6.4 | 2025-09-06 01:47:27 | Deep Dive |