| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-59593 | WordPress Colibri Page Builder Plugin < 1.0.334 - Cross Site Scripting (XSS) Vulnerability | Extend Themes | Colibri Page Builder | Medium | 5.9 | 2025-10-22 14:32:40 | Deep Dive |
| CVE-2025-11270 | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | Medium | 6.4 | 2025-10-18 06:42:48 | Deep Dive |
| CVE-2025-10006 | WPBakery Page Builder <= 8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpbakery | WPBakery Page Builder | Medium | 6.4 | 2025-10-18 06:42:46 | Deep Dive |
| CVE-2025-11361 | Essential Blocks <= 5.7.1 - Authenticated (Author+) Server-Side Request Forgery | wpdevteam | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | Medium | 6.4 | 2025-10-18 04:25:57 | Deep Dive |
| CVE-2025-11160 | WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via Custom JS Module | wpbakery | WPBakery Page Builder | Medium | 6.4 | 2025-10-15 06:43:57 | Deep Dive |
| CVE-2025-11161 | WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via vc_custom_heading Shortcode | wpbakery | WPBakery Page Builder | Medium | 6.4 | 2025-10-15 06:43:56 | Deep Dive |
| CVE-2025-10175 | WP Links Page <= 4.9.6 - Authenticated (Subscriber+) SQL Injection | rico-macchi | WP Links Page | Medium | 6.5 | 2025-10-11 09:28:41 | Deep Dive |
| CVE-2025-9626 | Page Blocks <= 1.1.0 - Cross-Site Request Forgery | softwud | Page Blocks | Medium | 4.3 | 2025-10-11 09:28:39 | Deep Dive |
| CVE-2025-9560 | Colibri Page Builder <= 1.0.334 - Authenticated (Contributor+) Stored Cross-Site Scripting via colibri_newsletter Shortcode | extendthemes | Colibri Page Builder | Medium | 6.4 | 2025-10-11 02:24:52 | Deep Dive |
| CVE-2025-10862 | Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.3 - Unauthenticated SQL Injection via 'id' | roxnor | Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers | High | 7.5 | 2025-10-09 08:23:17 | Deep Dive |
| CVE-2025-8624 | Nexa Blocks <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Google Maps Widget | wpdive | Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | Medium | 6.4 | 2025-09-30 03:35:29 | Deep Dive |
| CVE-2025-60167 | WordPress Page Manager for Elementor Plugin <= 2.0.5 - Sensitive Data Exposure Vulnerability | honzat | Page Manager for Elementor | Medium | 4.3 | 2025-09-26 08:32:04 | Deep Dive |
| CVE-2025-58965 | WordPress Fusion Page Builder : Extension – Gallery Plugin <= 1.7.6 - Cross Site Scripting (XSS) Vulnerability | Agency Dominion Inc. | Fusion Page Builder : Extension – Gallery | Medium | 6.5 | 2025-09-22 18:26:11 | Deep Dive |
| CVE-2025-53463 | WordPress HT Mega – Absolute Addons for WPBakery Page Builder Plugin <= 1.0.9 - Cross Site Scripting (XSS) Vulnerability | HT Plugins | HT Mega – Absolute Addons for WPBakery Page Builder | Medium | 6.5 | 2025-09-22 18:25:36 | Deep Dive |
| CVE-2025-58030 | WordPress Page-list Plugin <= 5.8 - Cross Site Scripting (XSS) Vulnerability | webvitaly | Page-list | Medium | 6.5 | 2025-09-22 18:23:54 | Deep Dive |
| CVE-2025-8487 | Kubio AI Page Builder <= 2.6.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation | extendthemes | Kubio AI Page Builder | Medium | 5.4 | 2025-09-19 03:34:48 | Deep Dive |
| CVE-2025-9992 | Ghost Kit <= 3.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | nko | Ghost Kit – Page Builder Blocks, Motion Effects & Extensions | Medium | 6.4 | 2025-09-18 09:31:28 | Deep Dive |
| CVE-2025-6189 | Duplicate Page and Post <= 2.9.5 - Authenticated (Contributor+) SQL Injection via meta_key Parameter | arjunthakur | Duplicate Page and Post | Medium | 6.5 | 2025-09-10 06:38:46 | Deep Dive |
| CVE-2025-58980 | WordPress Export WP Page to Static HTML/CSS Plugin <= 4.1.0 - Broken Access Control Vulnerability | recorp | Export WP Page to Static HTML/CSS | Medium | 5.3 | 2025-09-09 16:33:17 | Deep Dive |
| CVE-2025-58804 | WordPress WooCommerce Single Page Checkout Plugin <= 1.2.7 - Cross Site Request Forgery (CSRF) Vulnerability | brijrajs | WooCommerce Single Page Checkout | Medium | 4.3 | 2025-09-05 13:45:09 | Deep Dive |