| CVE-2024-13530 | Custom Login Page Styler <= 7.1.1 - Missing Authorization to Authenticated (Subsciber+) Log Deletion and Session Termination | zia-imtiaz | Login Page Styler – Custom WordPress Login Page Customizer & Security | Medium | 4.3 | 2025-01-31 07:23:40 | Deep Dive |
| CVE-2024-13224 | SlideDeck 1 Lite Content Slider <= 1.4.8 - Reflected XSS | Unknown | SlideDeck 1 Lite Content Slider | 中危 | - | 2025-01-31 06:00:16 | Deep Dive |
| CVE-2024-11090 | Membership Plugin – Restrict Content <= 3.2.13 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | stellarwp | Membership Plugin – Restrict Content | Medium | 5.3 | 2025-01-26 06:41:21 | Deep Dive |
| CVE-2024-35134 | IBM Analytics Content Hub information disclosure | IBM | Analytics Content Hub | Medium | 5.3 | 2025-01-25 14:05:45 | Deep Dive |
| CVE-2024-39750 | IBM Analytics Content Hub buffer overflow | IBM | Analytics Content Hub | High | 8.8 | 2025-01-25 14:04:41 | Deep Dive |
| CVE-2024-13458 | WordPress SEO Friendly Accordion FAQ with AI assisted content generation <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | qchantelnotice | WordPress SEO Friendly Accordion FAQ with AI assisted content generation | Medium | 6.4 | 2025-01-25 07:24:16 | Deep Dive |
| CVE-2025-23727 | WordPress AZ Content Finder plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability | antonzaroutski | AZ Content Finder | High | 7.1 | 2025-01-23 15:29:42 | Deep Dive |
| CVE-2025-23769 | WordPress Content Mirror plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability | dreamsofmatter | Content Mirror | High | 7.1 | 2025-01-22 14:29:21 | Deep Dive |
| CVE-2025-23631 | WordPress Content Planner plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | Sarah Lewis | Content Planner | High | 7.1 | 2025-01-22 14:29:18 | Deep Dive |
| CVE-2025-23601 | WordPress Tab My Content plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability | patrice | Tab My Content | High | 7.1 | 2025-01-22 14:29:15 | Deep Dive |
| CVE-2025-0308 | Ultimate Member <= 2.9.1 - Unauthenticated SQL Injection | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | High | 7.5 | 2025-01-18 05:33:50 | Deep Dive |
| CVE-2025-0318 | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.9.1 - Information Exposure | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 5.3 | 2025-01-18 05:33:49 | Deep Dive |
| CVE-2024-12071 | Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion | evergreencontentposter | Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media | Medium | 5.3 | 2025-01-18 03:21:13 | Deep Dive |
| CVE-2025-23869 | WordPress CJ Custom Content plugin <= 2.0 - CSRF to Cross-Site Scripting vulnerability | shibulijack | CJ Custom Content | High | 7.1 | 2025-01-16 20:07:26 | Deep Dive |
| CVE-2025-23820 | WordPress Content Security Policy Pro plugin <= 1.3.5 - CSRF to Stored XSS vulnerability | thapa.laxman | Content Security Policy Pro | High | 7.1 | 2025-01-16 20:07:13 | Deep Dive |
| CVE-2025-23642 | WordPress Sidebar-Content from Shortcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability | pflonk | Sidebar-Content from Shortcode | Medium | 6.5 | 2025-01-16 20:06:29 | Deep Dive |
| CVE-2025-23463 | WordPress MD Custom content after or before of post plugin <= 1.0 - CSRF to Stored XSS vulnerability | Mukesh Dak | MD Custom content after or before of post | High | 7.1 | 2025-01-16 20:05:49 | Deep Dive |
| CVE-2024-12919 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.7 - Authentication Bypass via pms_payment_id | cozmoslabs | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | Critical | 9.8 | 2025-01-14 09:21:55 | Deep Dive |
| CVE-2024-12473 | AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.5 - Authenticated (Contributor+) SQL Injection | opacewebdesign | Opace AI Scribe: SEO Content Creator & Humaizer for OpenAI & Anthropic | Medium | 6.5 | 2025-01-10 03:21:30 | Deep Dive |
| CVE-2024-12606 | AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update | opacewebdesign | Opace AI Scribe: SEO Content Creator & Humaizer for OpenAI & Anthropic | Medium | 4.3 | 2025-01-10 03:21:30 | Deep Dive |