| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-5717 | VI: Include Post By <= 0.4.200706 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class_container' Shortcode Attribute | knighthawk | VI: Include Post By | Medium | 6.4 | 2026-04-15 07:45:29 | Deep Dive |
| CVE-2026-39639 | WordPress RPS Include Content plugin <= 1.2.2 - Broken Access Control vulnerability | redpixelstudios | RPS Include Content | - | - | 2026-04-08 08:30:32 | Deep Dive |
| CVE-2025-11129 | Include fussball.de Widgets <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'api' and 'type' | mheob | Include Fussball.de Widgets | Medium | 6.4 | 2025-11-11 03:30:51 | Deep Dive |
| CVE-2025-59940 | mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders | mondeja | mkdocs-include-markdown-plugin | Medium | 6.5 | 2025-09-29 22:27:30 | Deep Dive |
| CVE-2025-58983 | WordPress Include Me Plugin <= 1.3.2 - Cross Site Scripting (XSS) Vulnerability | Stefano Lissa | Include Me | Medium | 5.9 | 2025-09-09 16:33:15 | Deep Dive |
| CVE-2025-30596 | WordPress include-file plugin <= 1 - Arbitrary File Download Vulnerability | tstafford | include-file | Medium | 6.5 | 2025-04-03 13:27:08 | Deep Dive |
| CVE-2025-30594 | WordPress Include URL plugin <= 0.3.5 Arbitrary File Download Vulnerability | samsk | Include URL | Medium | 6.5 | 2025-04-01 05:31:35 | Deep Dive |
| CVE-2025-31093 | WordPress RPS Include Content plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability | redpixelstudios | RPS Include Content | Medium | 6.5 | 2025-03-28 09:39:53 | Deep Dive |
| CVE-2025-22660 | WordPress Include Mastodon Feed plugin <= 1.9.9 - Cross Site Scripting (XSS) vulnerability | Wolfgang | Include Mastodon Feed | Medium | 6.5 | 2025-03-27 14:26:07 | Deep Dive |
| CVE-2025-30595 | WordPress include-file plugin <= 1 Cross Site Scripting (XSS) Vulnerability | tstafford | include-file | Medium | 6.5 | 2025-03-24 13:47:18 | Deep Dive |
| CVE-2025-30593 | WordPress Include URL plugin <= 0.3.5 Cross Site Scripting (XSS) Vulnerability | samsk | Include URL | Medium | 6.5 | 2025-03-24 13:47:17 | Deep Dive |
| CVE-2024-11455 | Include Mastodon Feed <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | wolfgang101 | Include Mastodon Feed | Medium | 6.4 | 2024-11-21 02:06:24 | Deep Dive |
| CVE-2024-47643 | WordPress Include Fussball.de Widgets plugin <= 4.0.0 - Cross Site Scripting (XSS) vulnerability | Alex | Include Fussball.de Widgets | Medium | 6.5 | 2024-10-05 12:56:49 | Deep Dive |
| CVE-2023-25796 | WordPress WP BaiDu Submit Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS) | Include | WP BaiDu Submit | Medium | 5.9 | 2023-05-03 11:08:14 | Deep Dive |
| CVE-2022-24803 | Command Injection vulnerability in asciidoctor-include-ext | jirutka | asciidoctor-include-ext | Critical | 10.0 | 2022-03-31 23:30:14 | Deep Dive |
| CVE-2021-24845 | Improved Include Page <= 1.2 - Contributor+ Arbitrary Posts/Pages Access | Unknown | Improved Include Page | 中危 | - | 2021-12-13 10:41:05 | Deep Dive |
| CVE-2021-24453 | Include Me <= 1.2.1 - Authenticated Remote Code Execution (RCE) via LFI log poisoning | Unknown | Include Me | 高危 | - | 2021-07-19 10:53:18 | Deep Dive |