| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6393 | BetterDocs <= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage | wpdevteam | BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor | Medium | 4.3 | 2026-04-24 03:27:06 | Deep Dive |
| CVE-2026-2951 | Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutentor Block HTML | gutentor | Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor | Medium | 5.4 | 2026-04-23 02:25:21 | Deep Dive |
| CVE-2018-25260 | MAGIX Music Editor 3.1 Buffer Overflow via SEH | Magix | MAGIX Music Editor | High | 8.4 | 2026-04-22 14:56:58 | Deep Dive |
| CVE-2026-3875 | BetterDocs <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | wpdevteam | BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor | Medium | 6.4 | 2026-04-16 06:44:52 | Deep Dive |
| CVE-2026-1672 | BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification | realmag777 | BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | Medium | 6.5 | 2026-04-08 11:16:59 | Deep Dive |
| CVE-2026-1673 | BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion | realmag777 | BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | Medium | 4.3 | 2026-04-08 11:16:57 | Deep Dive |
| CVE-2026-39640 | WordPress Theme Editor plugin <= 3.2 - Cross Site Request Forgery (CSRF) to Remote Code Execution vulnerability | mndpsingh287 | Theme Editor | - | - | 2026-04-08 08:30:32 | Deep Dive |
| CVE-2026-2826 | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 4.3 | 2026-04-04 08:25:20 | Deep Dive |
| CVE-2026-3774 | Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor | Foxit Software Inc. | Foxit PDF Editor | Medium | 4.7 | 2026-04-01 01:40:39 | Deep Dive |
| CVE-2026-3775 | Foxit PDF Editor/Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability | Foxit Software Inc. | Foxit PDF Editor | High | 7.8 | 2026-04-01 01:40:37 | Deep Dive |
| CVE-2026-3776 | Null pointer dereference in Foxit PDF Editor/Reader when accessing stamp annotation | Foxit Software Inc. | Foxit PDF Editor | Medium | 5.5 | 2026-04-01 01:40:35 | Deep Dive |
| CVE-2026-3780 | Foxit PDF Editor/Reader Installer Uncontrolled Search Path Privilege Escalation | Foxit Software Inc. | Foxit PDF Reader | High | 7.3 | 2026-04-01 01:40:34 | Deep Dive |
| CVE-2026-3778 | Stack exhaustion caused by cyclic references in Foxit PDF Editor/Reader | Foxit Software Inc. | Foxit PDF Editor | Medium | 6.2 | 2026-04-01 01:40:32 | Deep Dive |
| CVE-2026-3779 | Foxit PDF Editor/Reader List Box Calculate Array Use-After-Free Vulnerability | Foxit Software Inc. | Foxit PDF Editor | High | 7.8 | 2026-04-01 01:40:30 | Deep Dive |
| CVE-2026-3777 | Use after free of view cache in Foxit PDF Editor/Reader | Foxit Software Inc. | Foxit PDF Editor | Medium | 5.5 | 2026-04-01 01:40:28 | Deep Dive |
| CVE-2026-3139 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.15.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Post Author Reassignment via Avatar Field | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 4.3 | 2026-03-31 11:18:56 | Deep Dive |
| CVE-2026-2602 | Twentig <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'featuredImageSizeWidth' | twentig | Twentig Supercharged Block Editor – Blocks, Patterns, Starter Sites, Portfolio | Medium | 6.4 | 2026-03-29 01:24:46 | Deep Dive |
| CVE-2026-4038 | Aimogen Pro <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call | CodeRevolution | Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit | Critical | 9.8 | 2026-03-20 03:37:02 | Deep Dive |
| CVE-2026-27067 | WordPress Mobile App Editor plugin <= 1.3.1 - Arbitrary File Upload vulnerability | Syarif | Mobile App Editor | Critical | 9.1 | 2026-03-19 08:41:18 | Deep Dive |
| CVE-2026-32456 | WordPress Admin Menu Editor plugin <= 1.14.1 - Cross Site Request Forgery (CSRF) vulnerability | Janis Elsts | Admin Menu Editor | Medium | - | 2026-03-13 11:42:22 | Deep Dive |