| CVE-2024-12419 | Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler <= 1.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting | tobias_conrad | WOW Styler for CF7 – Visual Styler for Contact Form 7 Forms | Medium | 6.5 | 2025-01-07 03:21:56 | Deep Dive |
| CVE-2024-12528 | WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | pantherius | WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress | Medium | 6.4 | 2025-01-07 03:21:55 | Deep Dive |
| CVE-2024-11930 | Taskbuilder – WordPress Project & Task Management plugin <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via wppm_tasks Shortcode | taskbuilder | Taskbuilder – Project Management & Task Management Tool With Kanban Board | Medium | 6.4 | 2025-01-04 08:22:52 | Deep Dive |
| CVE-2024-12636 | Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.2.7 - Cross-Site Request Forgery | wplegalpages | Privacy Policy Generator – WPLP Legal Pages | Medium | 4.3 | 2024-12-25 04:22:04 | Deep Dive |
| CVE-2024-12032 | Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin \| WooCommerce Booking <= 2.15.3 - Authenticated (Subscriber+) SQL Injection | themefic | Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin | Medium | 6.5 | 2024-12-25 03:21:31 | Deep Dive |
| CVE-2024-12771 | eCommerce Product Catalog Plugin for WordPress <= 3.3.43 - Cross-Site Request Forgery to Password Reset | implecode | eCommerce Product Catalog Plugin for WordPress | High | 8.8 | 2024-12-21 07:02:59 | Deep Dive |
| CVE-2024-12506 | NACC WordPress Plugin <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | magblogapi | NACC WordPress Plugin | Medium | 6.4 | 2024-12-20 06:59:11 | Deep Dive |
| CVE-2024-8968 | MaxButtons < 9.8.1 - Admin+ Stored XSS via Text Color | Unknown | WordPress Button Plugin MaxButtons | Medium | - | 2024-12-20 06:00:05 | Deep Dive |
| CVE-2024-10555 | MaxButtons < 9.8.1 - Admin+ Stored XSS via Button Width | Unknown | WordPress Button Plugin MaxButtons | Medium | - | 2024-12-20 06:00:02 | Deep Dive |
| CVE-2024-12626 | AutomatorWP <= 5.0.9 - Reflected Cross-Site Scripting via a-0-o-search_field_value | rubengc | AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress | Critical | 9.6 | 2024-12-19 11:14:15 | Deep Dive |
| CVE-2024-12259 | CRM WordPress Plugin – RepairBuddy <= 3.8120 - Missing Authorization to Account Takeover/Privilege Escalation | sweetdaisy86 | RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress | High | 8.8 | 2024-12-18 03:22:06 | Deep Dive |
| CVE-2024-12127 | Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS <= 0.0.21 - Reflected Cross-Site Scripting via page Parameter | mantrabrain | Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS | Medium | 6.1 | 2024-12-17 09:22:42 | Deep Dive |
| CVE-2024-54274 | WordPress Octrace Support plugin <= 1.2.7 - Reflected Cross Site Scripting (XSS) vulnerability | Octrace | WordPress HelpDesk & Support Ticket System Plugin – Octrace Support | High | 7.1 | 2024-12-13 14:24:50 | Deep Dive |
| CVE-2022-47429 | WordPress Coming Soon Landing Page and Maintenance Mode WordPress Plugin plugin <= 2.2.0 - Broken Access Control | 8Degree Themes | Coming Soon Landing Page and Maintenance Mode WordPress Plugin | Medium | 5.3 | 2024-12-13 14:23:16 | Deep Dive |
| CVE-2024-11766 | WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | samdani | GS Books Showcase – Display Books in Grid, Slider & More \| Library for WordPress | Medium | 6.4 | 2024-12-12 05:24:24 | Deep Dive |
| CVE-2024-11765 | WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | samdani | GS Portfolio – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more | Medium | 6.4 | 2024-12-12 05:24:21 | Deep Dive |
| CVE-2024-11868 | LearnPress – WordPress LMS Plugin <= 4.2.7.3 - Course Material Sensitive Information Exposure via REST API | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 5.3 | 2024-12-10 12:25:00 | Deep Dive |
| CVE-2023-28165 | WordPress Backup Bank: WordPress Backup Plugin plugin <= 4.0.28 - Broken Access Control vulnerability | Varun Sharma | Backup Bank: WordPress Backup Plugin | Medium | 4.3 | 2024-12-09 11:31:20 | Deep Dive |
| CVE-2023-48332 | WordPress Mail Bank – #1 Mail SMTP Plugin for WordPress plugin <= 4.0.14 - Broken Access Control vulnerability | Varun Sharma | Mail Bank - #1 Mail SMTP Plugin for WordPress | Medium | - | 2024-12-09 11:30:28 | Deep Dive |
| CVE-2024-54207 | WordPress WordPress Auction Plugin plugin <= 3.7 - Cross Site Scripting (XSS) vulnerability | WP Marka | WordPress Auction Plugin | Medium | 5.9 | 2024-12-06 13:07:30 | Deep Dive |