| CVE-2023-25988 | WordPress Video Gallery – YouTube Gallery plugin <= 1.7.6 - Broken Access Control vulnerability | totalsoft | Video Gallery – YouTube Gallery | High | 7.5 | 2024-12-13 14:23:19 | Deep Dive |
| CVE-2024-12162 | Video & Photo Gallery for Ultimate Member <= 1.1.1 - Reflected Cross-Site Scripting | suiteplugins | Video & Photo Gallery for Ultimate Member | Medium | 6.1 | 2024-12-12 04:23:14 | Deep Dive |
| CVE-2024-9769 | Video Gallery <= 2.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | totalsoft | Video Gallery – YouTube Gallery, Vimeo, Video Portfolio, Image Portfolio and Image Gallery | Medium | 4.4 | 2024-12-06 03:25:39 | Deep Dive |
| CVE-2024-10247 | YouTube Gallery and Vimeo Gallery Plugin <= 2.4.2 - Authenticated (Administrator+) SQL Injection | totalsoft | Video Gallery – YouTube Gallery, Vimeo, Video Portfolio, Image Portfolio and Image Gallery | High | 7.2 | 2024-12-06 03:25:39 | Deep Dive |
| CVE-2024-5020 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | extendthemes | Colibri Page Builder | Medium | 6.4 | 2024-12-04 08:22:47 | Deep Dive |
| CVE-2024-53713 | WordPress Silverlight Video Player plugin <= 1.0 - CSRF to Stored XSS vulnerability | rickota | Silverlight Video Player | High | 7.1 | 2024-12-02 13:48:48 | Deep Dive |
| CVE-2024-53782 | WordPress Photo Video Store plugin <= 21.07 - CSRF to Cross Site Scripting (XSS) vulnerability | cmsaccount | Photo Video Store | High | 7.1 | 2024-12-02 13:48:28 | Deep Dive |
| CVE-2024-53747 | WordPress Video Player for WPBakery plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | nutttaro | Video Player for WPBakery | Medium | 6.5 | 2024-12-01 21:23:56 | Deep Dive |
| CVE-2024-11202 | Multiple Plugins <= (Various Versions) - Reflected Cross-Site Scripting via cminds_free_guide Shortcode | creativemindssolutions | CM Header and Footer – Add custom scripts and styles to your header and footer with ease | Medium | 6.1 | 2024-11-26 07:31:32 | Deep Dive |
| CVE-2024-10034 | Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery <= 3.2.4.2 - Authenticated (Editor+) Stored Cross-Site Scripting | gallerycreator | Mixed Media Gallery Blocks | Medium | 5.5 | 2024-11-22 05:33:42 | Deep Dive |
| CVE-2024-11355 | Ultimate YouTube Video & Shorts Player With Vimeo <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Setting Exposure | codelizarplugs | Ultimate YouTube Video & Shorts Player With Vimeo | Medium | 4.3 | 2024-11-22 05:33:41 | Deep Dive |
| CVE-2024-11601 | Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.1 - Cross-Site Request Forgery to Limited Arbitrary Options Update | wowdevs | Sky Addons – Elementor Addons with Widgets & Templates | High | 8.1 | 2024-11-22 05:33:41 | Deep Dive |
| CVE-2024-11104 | Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.2 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update | wowdevs | Sky Addons – Elementor Addons with Widgets & Templates | High | 8.1 | 2024-11-22 05:33:40 | Deep Dive |
| CVE-2024-9542 | Sky Addons for Elementor <= 2.6.1 - Authenticated (Contributor+) Sensitive Information Exposure via Content Switcher Widget Elementor Template | wowdevs | Sky Addons – Elementor Addons with Widgets & Templates | Medium | 4.3 | 2024-11-21 11:02:20 | Deep Dive |
| CVE-2024-11354 | Ultimate YouTube Video & Shorts Player With Vimeo <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Playlist/Video Deletion | codelizarplugs | Ultimate YouTube Video & Shorts Player With Vimeo | Medium | 4.3 | 2024-11-21 02:06:29 | Deep Dive |
| CVE-2024-50552 | WordPress Hover Video Preview plugin <= 1.0.2 - Stored Cross Site Scripting (XSS) vulnerability | jasonpancake | Hover Video Preview | Medium | 6.5 | 2024-11-19 16:32:04 | Deep Dive |
| CVE-2024-51824 | WordPress Advanced Video Player with Analytics plugin <= 1 - Cross Site Scripting (XSS) vulnerability | Karam Singh | Advanced Video Player with Analytics | Medium | 6.5 | 2024-11-19 16:31:48 | Deep Dive |
| CVE-2024-51854 | WordPress Hola Free Video Player plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerability | holanetworks | Hola Free Video Player | Medium | 6.5 | 2024-11-19 16:31:33 | Deep Dive |
| CVE-2024-51935 | WordPress Fast Video and Image Display plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability | Sam Perrow | Fast Video and Image Display | Medium | 6.5 | 2024-11-19 16:30:50 | Deep Dive |
| CVE-2024-51940 | WordPress WP Responsive Video plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | Sohelwpexpert | WP Responsive Video | Medium | 6.5 | 2024-11-18 22:17:08 | Deep Dive |