| CVE-2026-3645 | Punnel <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update via 'punnel_save_config' AJAX Action | punnel | Punnel – Landing Page Builder | Medium | 5.3 | 2026-03-21 03:27:00 | Deep Dive |
| CVE-2026-24620 | WordPress Landing Page Builder plugin <= 1.5.3.4 - Cross Site Scripting (XSS) vulnerability | PluginOps | Landing Page Builder | 中危 | - | 2026-01-23 14:29:06 | Deep Dive |
| CVE-2025-14119 | App Landing Template Blocks for WPBakery Page Builder <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | themebon | App Landing Template Blocks for WPBakery (Visual Composer) Page Builder | Medium | 6.4 | 2025-12-12 03:20:46 | Deep Dive |
| CVE-2025-12165 | Webcake – Landing Page Builder <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update | huyme | Webcake – Landing Page Builder | Medium | 4.3 | 2025-12-05 05:31:22 | Deep Dive |
| CVE-2025-3949 | Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode <= 6.18.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure | seedprod | Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode | Medium | 4.3 | 2025-05-09 08:24:05 | Deep Dive |
| CVE-2020-36839 | WP Lead Plus X <= 0.99 - Cross-Site Request Forgery | bc2018 | WordPress Landing Page – Squeeze Page – Responsive Landing Page Builder Free – WP Lead Plus X | High | 8.3 | 2024-10-16 06:43:45 | Deep Dive |
| CVE-2024-43345 | WordPress Landing Page Builder plugin <= 1.5.2.0 - Local File Inclusion vulnerability | PluginOps | Landing Page Builder | High | 7.5 | 2024-08-19 19:28:12 | Deep Dive |
| CVE-2023-24379 | WordPress Landing Page Builder – Free Landing Page Templates plugin <= 3.1.9.9 - Local File Inclusion vulnerability | Web-Settler | Landing Page Builder – Free Landing Page Templates | Medium | 6.8 | 2024-05-17 06:34:01 | Deep Dive |
| CVE-2024-34752 | WordPress Landing Page Builder <= 1.5.1.8 - Cross Site Scripting (XSS) vulnerability | PluginOps | Landing Page Builder | High | 7.1 | 2024-05-17 06:01:38 | Deep Dive |
| CVE-2024-30452 | WordPress Landing Page Builder plugin <= 1.5.1.7 - Cross Site Scripting (XSS) vulnerability | PluginOps | Landing Page Builder | Medium | 5.9 | 2024-03-29 16:40:08 | Deep Dive |
| CVE-2024-1793 | AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth By AWeber <= 7.3.14 - Authenticated (Admin+) SQL Injection | aweber | AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth | High | 7.2 | 2024-03-13 15:27:24 | Deep Dive |
| CVE-2023-6880 | Visual Composer Premium <= 45.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | visualcomposer | Visual Composer Website Builder | Medium | 6.4 | 2024-03-13 15:26:52 | Deep Dive |
| CVE-2024-1072 | Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode <= 6.15.21 - Missing Authorization via seedprod_lite_new_lpage | seedprod | Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode | High | 8.2 | 2024-02-05 21:21:51 | Deep Dive |
| CVE-2023-7019 | LightStart – Maintenance Mode, Coming Soon and Landing Page Builder <= 2.6.8 - Missing Authorization | themeisle | LightStart – Maintenance Mode, Coming Soon and Landing Page Builder | Medium | 4.3 | 2024-01-11 08:32:53 | Deep Dive |
| CVE-2023-48325 | WordPress Landing Page Builder Plugin <= 1.5.1.5 is vulnerable to Open Redirection | PluginOps | Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages | Medium | 4.7 | 2023-12-07 11:32:44 | Deep Dive |
| CVE-2023-47757 | WordPress AWeber Plugin <= 7.3.9 is vulnerable to Broken Access Control | AWeber | AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth | Medium | 4.3 | 2023-11-17 08:52:19 | Deep Dive |
| CVE-2023-4975 | Website Builder by SeedProd <= 6.15.13.1 - Cross-Site Request Forgery to Settings Update | seedprod | Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode | Medium | 4.3 | 2023-10-20 06:35:13 | Deep Dive |
| CVE-2023-40675 | WordPress Landing Page Builder Plugin <= 1.5.1.2 is vulnerable to Cross Site Scripting (XSS) | PluginOps | Landing Page Builder | Medium | 5.9 | 2023-09-27 07:22:01 | Deep Dive |
| CVE-2020-36722 | Visual Composer <= 26.0 - Multiple Cross-Site Scripting | visualcomposer | Visual Composer Website Builder | Medium | 5.5 | 2023-06-07 01:51:43 | Deep Dive |
| CVE-2022-4718 | Landing Page Builder < 1.4.9.9 - Contributor+ Cross-Site Scripting via Shortcode | Unknown | Landing Page Builder | 中危 | - | 2023-01-23 14:32:01 | Deep Dive |