| CVE-2024-52424 | WordPress wp-login customizer plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | sureshdsk | wp-login customizer | High | 7.1 | 2024-11-18 16:01:46 | Deep Dive |
| CVE-2024-9887 | Login using WordPress Users ( WP as SAML IDP ) <= 1.15.6 - Authenticated (Administrator+) SQL Injection | cyberlord92 | SAML IDP (Identity Provider) – Login with Website Users | High | 7.2 | 2024-11-16 09:36:34 | Deep Dive |
| CVE-2024-8874 | AJAX Login and Registration modal popup + inline form <= 2.24 - Reflected Cross-Site Scripting | kaminskym | AJAX Login and Registration modal popup + inline form | Medium | 6.1 | 2024-11-13 02:02:36 | Deep Dive |
| CVE-2024-9946 | Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.13.68 - Authentication Bypass via Disqus OAuth provider | the_champ | Social Share, Social Login and Social Comments Plugin – Super Socializer | High | 8.1 | 2024-11-06 06:43:32 | Deep Dive |
| CVE-2024-10020 | Heateor Social Login WordPress <= 1.1.35 - Authentication Bypass via Disqus OAuth provider | heateor | Heateor Social Login WordPress | High | 8.1 | 2024-11-06 06:43:31 | Deep Dive |
| CVE-2024-10114 | Social Login - WordPress / WooCommerce Plugin <= 2.7.7 - Authentication Bypass via WordPress.com OAuth provider | WPWeb | WooCommerce - Social Login | High | 8.1 | 2024-11-05 08:31:37 | Deep Dive |
| CVE-2024-43982 | WordPress Login As Users plugin <= 1.4.3 - Broken Access Control to Account Takeover vulnerability | Geek Code Lab | Login As Users | High | 8.8 | 2024-11-01 14:17:12 | Deep Dive |
| CVE-2024-50478 | WordPress 1-Click Login: Passwordless Authentication plugin 1.4.5 - Broken Authentication vulnerability | swoopbrandon | 1-Click Login: Passwordless Authentication | Critical | 9.8 | 2024-10-28 12:32:27 | Deep Dive |
| CVE-2024-50488 | WordPress Token Login plugin <= 1.0.3 - Broken Authentication vulnerability | yespbs | Token Login | High | 8.8 | 2024-10-28 12:28:22 | Deep Dive |
| CVE-2024-9501 | Wp Social Login and Register Social Counter <= 3.0.7 - Authentication Bypass via WordPress.com OAuth provider | roxnor | Wp Social Login and Register Social Counter | Critical | 9.8 | 2024-10-26 12:32:48 | Deep Dive |
| CVE-2024-9456 | WP Awesome Login <= 0.4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | elvishp2006 | WP Awesome Login | Medium | 6.4 | 2024-10-26 04:30:32 | Deep Dive |
| CVE-2024-8959 | WP Adminify – Best WordPress Custom Dashboard Plugin <= 4.0.1.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | litonice13 | WP Adminify – White Label WordPress, Admin Menu Editor, Login Customizer | Medium | 6.4 | 2024-10-24 11:34:09 | Deep Dive |
| CVE-2024-49246 | WordPress Ajax Rating with Custom Login plugin <= 1.1 - SQL Injection vulnerability | anand23 | Ajax Rating with Custom Login | - | - | 2024-10-17 17:31:28 | Deep Dive |
| CVE-2024-9893 | Nextend Social Login Pro <= 3.1.14 - Authentication Bypass via WordPress.com OAuth provider | nextendweb | Nextend Social Login Pro | Critical | 9.8 | 2024-10-16 13:56:39 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-47354 | WordPress Simple Membership After Login Redirection plugin <= 1.6 - Open Redirection vulnerability | wp.insider | Simple Membership After Login Redirection | Medium | 4.7 | 2024-10-10 18:09:14 | Deep Dive |
| CVE-2022-4534 | Limit Login Attempts (Spam Protection) <= 5.3 - IP Address Spoofing to Protection Mechanism Bypass | wp-buy | Limit Login Attempts (Spam Protection) | Medium | 5.3 | 2024-10-08 08:33:17 | Deep Dive |
| CVE-2024-8519 | Ultimate Member <= 2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 6.4 | 2024-10-04 02:32:23 | Deep Dive |
| CVE-2024-8520 | Ultimate Member <= 2.8.6 - Cross-Site Request Forgery to Membership Status Change | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 5.3 | 2024-10-04 02:32:22 | Deep Dive |
| CVE-2024-9421 | Login Logout Shortcode <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter | prontotools | Login Logout Shortcode | Medium | 6.4 | 2024-10-04 02:04:55 | Deep Dive |