| CVE-2024-13271 | Content Entity Clone - Moderately critical - Information Disclosure - SA-CONTRIB-2024-035 | Drupal | Content Entity Clone | 中危 | - | 2025-01-09 19:19:50 | Deep Dive |
| CVE-2024-13248 | Private content - Moderately critical - Access bypass - SA-CONTRIB-2024-012 | Drupal | Private content | 中危 | - | 2025-01-09 18:53:59 | Deep Dive |
| CVE-2025-22810 | WordPress Content Blocks Builder plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability | Phi Phan | Content Blocks Builder | Medium | 6.5 | 2025-01-09 15:39:06 | Deep Dive |
| CVE-2024-12605 | AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.5 - Cross-Site Request Forgery to Settings Update | opacewebdesign | Opace AI Scribe: SEO Content Creator & Humaizer for OpenAI & Anthropic | Medium | 4.3 | 2025-01-09 11:10:58 | Deep Dive |
| CVE-2025-0346 | code-projects Content Management System Publish News Page publishnews.php unrestricted upload | code-projects | Content Management System | Medium | 4.7 | 2025-01-09 09:00:14 | Deep Dive |
| CVE-2024-11282 | Passster – Password Protect Pages and Content <= 4.2.10 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | wpchill | Passster – Password Protect Pages and Content | Medium | 5.3 | 2025-01-07 06:40:56 | Deep Dive |
| CVE-2024-11887 | Geo Content <= 6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | geotargetly | Geo Content | Medium | 6.4 | 2025-01-07 05:23:59 | Deep Dive |
| CVE-2024-12438 | WooCommerce Digital Content Delivery (incl. DRM) – FlickRocket <= 4.75 - Reflected Cross-Site Scripting | flickrocket | Digital Content Delivery (incl. DRM) by Flickrocket for WooCommerce | Medium | 6.1 | 2025-01-07 05:23:57 | Deep Dive |
| CVE-2024-12153 | GDY Modular Content <= 0.9.92 - Reflected Cross-Site Scripting | grandy | GDY Modular Content | Medium | 6.1 | 2025-01-07 04:22:16 | Deep Dive |
| CVE-2024-56025 | WordPress AdWork Media EZ Content Locker plugin <= 3.0 - Reflected Cross Site Scripting (XSS) vulnerability | adworkmedia | AdWork Media EZ Content Locker | High | 7.1 | 2025-01-02 12:01:13 | Deep Dive |
| CVE-2024-12031 | Advanced Floating Content <= 3.8.2 - Authenticated (Subscriber+) SQL Injection | CodeTides | Advanced Floating Content | Medium | 6.5 | 2024-12-24 09:21:51 | Deep Dive |
| CVE-2024-12103 | Content No Cache: prevent specific content from being cached <= 0.1.2 - Unauthenticated Private Content Disclosure | giuse | Content No Cache | Serve uncached partial content even when you add it to a page that is fully cached. | Medium | 5.3 | 2024-12-24 09:21:50 | Deep Dive |
| CVE-2024-11291 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.4 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | cozmoslabs | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | Medium | 5.3 | 2024-12-18 11:09:32 | Deep Dive |
| CVE-2024-8326 | s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions <= 241114 - Authenticated (Contributor+) Sensitive Information Exposure | clavaque | s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions | High | 8.8 | 2024-12-17 09:22:41 | Deep Dive |
| CVE-2024-12447 | Get Post Content Shortcode <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode | webdeveric | Get Post Content Shortcode | Medium | 4.3 | 2024-12-14 04:23:46 | Deep Dive |
| CVE-2024-54329 | WordPress CleverNode Related Content plugin <= 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability | Metup | CleverNode Related Content | High | 7.1 | 2024-12-13 14:25:33 | Deep Dive |
| CVE-2024-10518 | ProfilePress < 4.15.15 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | 中危 | - | 2024-12-12 06:00:18 | Deep Dive |
| CVE-2024-10517 | ProfilePress < 4.15.15 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | 中危 | - | 2024-12-12 06:00:17 | Deep Dive |
| CVE-2024-12156 | AI Content Writer, RSS Feed to Post, Autoblogging SEO Help <= 6.1.3 - Reflected Cross-Site Scripting | quantumcloud | QC SEO Help for llms.txt, AI Analytics, AI Content Writer, Subtitle to Article | Medium | 6.1 | 2024-12-12 04:23:15 | Deep Dive |
| CVE-2024-11351 | Restrict – membership, site, content and user access restrictions for WordPress <= 2.2.8 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | tickera | Restrict – membership, site, content and user access restrictions for WordPress | Medium | 5.3 | 2024-12-11 12:24:19 | Deep Dive |