| CVE-2025-9952 | Trinity Audio <= 5.20.2 - Reflected Cross-Site Scripting | sergiotrinity | Trinity Audio – Text to Speech AI audio player to convert content into audio | Medium | 6.1 | 2025-10-04 03:33:31 | Deep Dive |
| CVE-2025-9889 | ContentMX Content Publisher <= 1.0.6 - Cross-Site Request Forgery | contentmx | ContentMX Content Publisher | Medium | 4.3 | 2025-10-03 11:17:19 | Deep Dive |
| CVE-2025-9075 | ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns <= 2.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting | bdthemes | ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns | Medium | 6.4 | 2025-10-01 03:25:24 | Deep Dive |
| CVE-2025-60109 | WordPress LambertGroup - AllInOne - Content Slider Plugin <= 3.8 - SQL Injection Vulnerability | LambertGroup | LambertGroup - AllInOne - Content Slider | High | 8.5 | 2025-09-26 08:31:27 | Deep Dive |
| CVE-2025-59002 | WordPress BM Content Builder Plugin < 3.16.3.3 - Arbitrary File Deletion Vulnerability | SeaTheme | BM Content Builder | High | 7.7 | 2025-09-26 08:31:09 | Deep Dive |
| CVE-2025-58011 | WordPress Content Mask plugin <= 1.8.5.2 - Server Side Request Forgery (SSRF) vulnerability | Alex | Content Mask | Medium | 6.4 | 2025-09-22 18:24:08 | Deep Dive |
| CVE-2025-58012 | WordPress Content Mask plugin <= 1.8.5.3 - Insecure Direct Object References (IDOR) vulnerability | Alex | Content Mask | Low | 3.8 | 2025-09-22 18:24:07 | Deep Dive |
| CVE-2025-58670 | WordPress WP Content Protection Plugin <= 1.3 - Cross Site Request Forgery (CSRF) Vulnerability | Shankaranand Maurya | WP Content Protection | High | 7.1 | 2025-09-22 18:22:55 | Deep Dive |
| CVE-2025-8394 | Productive Style <= 1.1.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via display_productive_breadcrumb Shortcode | productiveminds | Productive Style – Optimisations & Content Publishing Support | Medium | 6.4 | 2025-09-17 01:49:15 | Deep Dive |
| CVE-2025-8716 | Cache exploitation vulnerability | OpenText | OpenText Content Management | - | - | 2025-09-11 13:42:02 | Deep Dive |
| CVE-2025-59008 | WordPress ZIP Code Based Content Protection plugin <= 1.0.0 - SQL Injection vulnerability | PressTigers | ZIP Code Based Content Protection | High | 7.6 | 2025-09-09 16:25:21 | Deep Dive |
| CVE-2025-8722 | Content Views <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Grid and List Widgets | pt-guy | Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor) | Medium | 6.4 | 2025-09-06 03:22:35 | Deep Dive |
| CVE-2025-9085 | User Registration & Membership <= 4.3.0 - Authenticated (Admin+) SQL Injection | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 4.9 | 2025-09-06 02:24:18 | Deep Dive |
| CVE-2025-58857 | WordPress Table of content Plugin <= 1.5.3.1 - Cross Site Request Forgery (CSRF) Vulnerability | KaizenCoders | Table of content | High | 7.1 | 2025-09-05 13:45:38 | Deep Dive |
| CVE-2025-58851 | WordPress Boxed Content Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability | DigitalCourt | Boxed Content | Medium | 6.5 | 2025-09-05 13:45:35 | Deep Dive |
| CVE-2025-58829 | WordPress Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One plugin <= 2.3.3 - Server Side Request Forgery (SSRF) vulnerability | aitool | Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One | Medium | 4.9 | 2025-09-05 13:45:23 | Deep Dive |
| CVE-2025-58602 | WordPress If-So Dynamic Content Personalization Plugin <= 1.9.4 - Cross Site Scripting (XSS) Vulnerability | If-So Dynamic Content | If-So Dynamic Content Personalization | Medium | 6.5 | 2025-09-03 14:36:41 | Deep Dive |
| CVE-2025-53299 | WordPress ThemeMakers Visual Content Composer Plugin <= 1.5.8 - PHP Object Injection Vulnerability | ThemeMakers | ThemeMakers Visual Content Composer | Critical | 9.8 | 2025-08-20 08:03:16 | Deep Dive |
| CVE-2025-8878 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.4 - Unauthenticated Arbitrary Shortcode Execution | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.5 | 2025-08-16 11:11:24 | Deep Dive |
| CVE-2025-7507 | elink – Embed Content <= 1.1.0 - Authenticated (Contributor+) Insufficient Input Validation | elinkcontent | elink – Embed Content | Medium | 6.4 | 2025-08-15 08:25:41 | Deep Dive |