| CVE-2024-13778 | Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Authenticated (Subscriber+) SQL Injection | heroplugins | Hero Mega Menu - Responsive WordPress Menu Plugin | Medium | 6.5 | 2025-03-05 09:21:47 | Deep Dive |
| CVE-2024-13779 | Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Reflected Cross-Site Scripting | heroplugins | Hero Mega Menu - Responsive WordPress Menu Plugin | Medium | 6.1 | 2025-03-05 09:21:45 | Deep Dive |
| CVE-2024-13780 | Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Directory Deletion | heroplugins | Hero Mega Menu - Responsive WordPress Menu Plugin | Medium | 6.5 | 2025-03-05 09:21:44 | Deep Dive |
| CVE-2025-0958 | Ultimate WordPress Auction Plugin <= 4.2.9 - Missing Authorization to Arbitrary Post Deletion | nitesh_singh | Ultimate WordPress Auction Plugin | Medium | 5.4 | 2025-03-04 09:22:37 | Deep Dive |
| CVE-2025-23843 | WordPress WP-HR Manager plugin <= 3.1.0 - Reflected Cross Site Scripting (XSS) vulnerability | wphrmanager | WP-HR Manager: The Human Resources Plugin for WordPress | High | 7.1 | 2025-03-03 13:30:19 | Deep Dive |
| CVE-2024-9193 | WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update | creativeon | WHMpress - WHMCS WordPress Integration Plugin | Critical | 9.8 | 2025-02-28 08:23:16 | Deep Dive |
| CVE-2024-13907 | Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid <= 1.16.8 - Authenticated (Administrator+) Server-Side Request Forgery | boldgrid | Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid | Medium | 4.9 | 2025-02-27 06:48:39 | Deep Dive |
| CVE-2024-13235 | Pinpoint Booking System – #1 WordPress Booking Plugin <= 2.9.9.5.4 - Authenticated (Subscriber+) SQL Injection | dotonpaper | Pinpoint Booking System – Version 2 | Medium | 6.5 | 2025-02-21 03:21:20 | Deep Dive |
| CVE-2024-11335 | UltraEmbed – Advanced Iframe Plugin For WordPress with Gutenberg Block Included <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | ultradevs | UltraEmbed – Advanced Iframe Plugin For WordPress with Gutenberg Block Included | Medium | 6.4 | 2025-02-19 07:32:11 | Deep Dive |
| CVE-2025-0521 | Post SMTP <= 3.0.2 - Unauthenticated Stored Cross-Site Scripting | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | High | 7.2 | 2025-02-18 11:10:19 | Deep Dive |
| CVE-2024-13556 | Affiliate Links: WordPress Plugin for Link Cloaking and Link Management <= 3.0.1 - Missing Authorization to Unauthenticated Import/Export and PHP Object Injection | wecantrack | Affiliate Links – Link Cloaking and Management | High | 8.1 | 2025-02-18 05:22:27 | Deep Dive |
| CVE-2024-13609 | 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Unauthenticated Sensitive Information Exposure via Database Backup in class-ocm-backup.php | 1clickmigration | 1 Click Migration & Backup: Free WordPress Migration Plugin with Zero Downtime & Easy Clone | Medium | 5.9 | 2025-02-18 04:21:21 | Deep Dive |
| CVE-2024-13677 | GetBookingsWp - Appointments & Bookings Plugin Basic Version <= 1.1.27 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover | istmoplugins | GetBookingsWP – Appointments Booking Calendar Plugin For WordPress | High | 8.8 | 2025-02-18 04:21:20 | Deep Dive |
| CVE-2024-13555 | 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Cross-Site Request Forgery to Backup Process Cancellation | 1clickmigration | 1 Click Migration & Backup: Free WordPress Migration Plugin with Zero Downtime & Easy Clone | Medium | 5.3 | 2025-02-18 04:21:19 | Deep Dive |
| CVE-2025-22676 | WordPress Upcasted S3 Offload plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability | upcasted | AWS S3 for WordPress Plugin – Upcasted | Medium | 6.5 | 2025-02-16 22:17:17 | Deep Dive |
| CVE-2024-13306 | WP Google Map < 1.9.4 - Admin+ Stored XSS | Unknown | Maps Plugin using Google Maps for WordPress | Medium | - | 2025-02-15 06:00:11 | Deep Dive |
| CVE-2024-13208 | WP Google Map < 1.9.4 - Admin+ Stored XSS | Unknown | Maps Plugin using Google Maps for WordPress | Medium | - | 2025-02-15 06:00:09 | Deep Dive |
| CVE-2024-11746 | Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | samdani | GS Brands for WooCommerce | Medium | 6.4 | 2025-02-12 04:22:14 | Deep Dive |
| CVE-2024-13541 | aDirectory – WordPress Directory Listing Plugin <= 2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion | adirectory | aDirectory – WP Business Directory Plugin and Classified Ads Listings Directory | Medium | 4.3 | 2025-02-12 03:21:40 | Deep Dive |
| CVE-2024-13829 | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.8 - Unauthenticated Sensitive Information Exposure | tripetto | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | Medium | 5.3 | 2025-02-05 05:22:32 | Deep Dive |