| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2025-12388 | B Carousel Block – Responsive Image and Content Carousel <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery | bplugins | Carousel Block – Responsive Image and Content Carousel | Medium | 6.4 | 2025-11-05 06:35:01 |
| CVE-2025-11835 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.16.4 - Missing Authorization to Unauthenticated Arbitrary Member Subscription Auto Renewal | cozmoslabs | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | Medium | 5.3 | 2025-11-05 03:27:58 |
| CVE-2025-12156 | Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One 2.0.7 - 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Post Creation | aitool | Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One | Medium | 4.3 | 2025-11-04 04:27:19 |
| CVE-2025-10896 | Multiple Plugins <= Multiple Versions - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload | litonice13 | Image Comparison Addon for Elementor | High | 8.8 | 2025-11-04 04:27:13 |
| CVE-2025-12171 | RESTful Content Syndication 1.1.0 - 1.5.0 - Authenticated (Contributor+) Arbitrary File Upload | anthonyeden | RESTful Content Syndication | High | 8.8 | 2025-11-01 06:40:40 |
| CVE-2025-64234 | WordPress Evergreen Content Poster plugin <= 1.4.5 - Broken Access Control vulnerability | Evergreen Content Poster | Evergreen Content Poster | Medium | 4.3 | 2025-10-29 08:38:12 |
| CVE-2025-62958 | WordPress Simple Content Templates for Blog Posts & Pages plugin <= 2.2.61 - Cross Site Request Forgery (CSRF) vulnerability | Clifton Griffin | Simple Content Templates for Blog Posts & Pages | Medium | 4.3 | 2025-10-27 01:34:11 |
| CVE-2025-62927 | WordPress Nelio Content plugin <= 4.0.5 - Broken Access Control vulnerability | Nelio Software | Nelio Content | Medium | 6.5 | 2025-10-27 01:34:00 |
| CVE-2025-62911 | WordPress Rock Convert plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability | Rock Content | Rock Convert | Medium | 6.5 | 2025-10-27 01:33:54 |
| CVE-2025-11244 | Password Protected <= 2.7.11 - Unauthenticated Authorization Bypass via IP Address Spoofing | saadiqbal | Password Protected — Lock Entire Site, Pages, Posts, Categories, and Partial Content | Low | 3.7 | 2025-10-25 05:31:20 |
| CVE-2025-12134 | ZoloBlocks <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable | bdthemes | ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns | Medium | 5.3 | 2025-10-24 09:23:31 |
| CVE-2025-12072 | Disable Content Editor For Specific Template <= 2.0 - Cross-Site Request Forgery to Template Configuration Update | mynamevenu24 | Disable Content Editor For Specific Template | Medium | 4.3 | 2025-10-24 08:23:57 |
| CVE-2025-49944 | WordPress WPCode Content Ratio plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability | Jonatan Jumbert | WPCode Content Ratio | - | - | 2025-10-22 14:32:17 |
| CVE-2025-49373 | WordPress Evergreen Content Poster plugin <= 1.4.5 - Cross Site Request Forgery (CSRF) vulnerability | Evergreen Content Poster | Evergreen Content Poster | Medium | 4.3 | 2025-10-22 14:32:08 |
| CVE-2025-10313 | Find And Replace content for WordPress <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting | jankimoradiya | Find And Replace content for WordPress | High | 7.2 | 2025-10-15 08:26:03 |
| CVE-2025-10486 | Content Writer <= 3.6.8 - Unauthenticated Information Exposure via Log File | steadycontent | Content Writer | Medium | 5.3 | 2025-10-15 08:26:02 |
| CVE-2025-27906 | IBM Content Navigator information disclosure | IBM | Content Navigator | Medium | 5.3 | 2025-10-14 14:08:43 |
| CVE-2025-10720 | WP Private Content Plus <= 3.6.2 - Password Protection Bypass | Unknown | WP Private Content Plus | - | - | 2025-10-13 09:37:14 |
| CVE-2025-9196 | Trinity Audio <= 5.21.0 - Unauthenticated Information Exposure | sergiotrinity | Trinity Audio – Text to Speech AI audio player to convert content into audio | Medium | 5.3 | 2025-10-11 07:25:57 |
| CVE-2025-9886 | Trinity Audio <= 5.20.2 - Cross-Site Request Forgery | sergiotrinity | Trinity Audio – Text to Speech AI audio player to convert content into audio | Medium | 4.3 | 2025-10-04 03:33:32 |