| CVE-2024-56037 | WordPress User Referral plugin <= 8.0 - Reflected Cross Site Scripting (XSS) vulnerability | SoftClever Limited | User Referral | High | 7.1 | 2025-01-02 09:15:20 | Deep Dive |
| CVE-2024-56206 | WordPress gap-hub-user-role. plugin <= 3.4.1 - CSRF to Broken Authentication vulnerability | krishankakkar | gap-hub-user-role | High | 8.8 | 2024-12-31 13:29:48 | Deep Dive |
| CVE-2024-11977 | kk Star Ratings – Rate Post & Collect User Feedbacks <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution | properfraction | kk Star Ratings – Rate Post & Collect User Feedbacks | High | 7.3 | 2024-12-21 05:31:02 | Deep Dive |
| CVE-2024-12293 | User Role Editor <= 4.64.3 - Cross-Site Request Forgery to Privilege Escalation | shinephp | User Role Editor | High | 8.8 | 2024-12-17 08:22:47 | Deep Dive |
| CVE-2024-54358 | WordPress 3D Avatar User Profile plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability | Enrico Cantori | 3D Avatar User Profile | High | 7.1 | 2024-12-16 14:31:37 | Deep Dive |
| CVE-2024-54365 | WordPress KH Easy User Settings plugin <= 1.0.0 - Privilege Escalation vulnerability | Knowhalim | KH Easy User Settings | High | 8.8 | 2024-12-16 14:31:34 | Deep Dive |
| CVE-2024-54440 | WordPress WP-Ban-User plugin <= 1.0 - CSRF to Stored XSS vulnerability | blueskyy | WP-Ban-User | High | 7.1 | 2024-12-16 14:13:41 | Deep Dive |
| CVE-2024-54323 | WordPress New User Approve plugin <= 2.6.2 - Broken Access Control vulnerability | Saad Iqbal | New User Approve | Medium | 5.4 | 2024-12-13 14:25:28 | Deep Dive |
| CVE-2023-41130 | WordPress Premmerce User Roles plugin <= 1.0.12 - Broken Access Control vulnerability | Premmerce | Premmerce User Roles | 高危 | - | 2024-12-13 14:24:09 | Deep Dive |
| CVE-2024-10518 | ProfilePress < 4.15.15 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | 中危 | - | 2024-12-12 06:00:18 | Deep Dive |
| CVE-2024-10517 | ProfilePress < 4.15.15 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | 中危 | - | 2024-12-12 06:00:17 | Deep Dive |
| CVE-2024-11351 | Restrict – membership, site, content and user access restrictions for WordPress <= 2.2.8 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | tickera | Restrict – membership, site, content and user access restrictions for WordPress | Medium | 5.3 | 2024-12-11 12:24:19 | Deep Dive |
| CVE-2024-11008 | Members <= 3.2.10 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | supercleanse | Members – Membership & User Role Editor Plugin | Medium | 5.3 | 2024-12-11 10:57:29 | Deep Dive |
| CVE-2023-29429 | WordPress User Registration plugin <= 2.3.2.1 - Broken Access Control vulnerability | wpeverest | User Registration | Medium | 5.3 | 2024-12-09 11:31:10 | Deep Dive |
| CVE-2023-31073 | WordPress Shortcode to display post and user data plugin <= 1.2.0 - Broken Access Control vulnerability | Jose Vega | Display custom fields in the frontend – Post and User Profile Fields | Medium | 4.3 | 2024-12-09 11:31:00 | Deep Dive |
| CVE-2023-50887 | WordPress User Feedback plugin <= 1.0.10 - Broken Access Control vulnerability | Syed Balkhi | User Feedback | 中危 | - | 2024-12-09 11:29:54 | Deep Dive |
| CVE-2024-11436 | Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! <= 1.4.19 - Reflected Cross-Site Scripting | genetechproducts | Pie Forms — Drag & Drop Form Builder | Medium | 6.1 | 2024-12-07 01:45:48 | Deep Dive |
| CVE-2024-53810 | WordPress Simple User Registration plugin <= 5.5 - Broken Access Control on User Deletion vulnerability | N-Media | Simple User Registration | Critical | 9.1 | 2024-12-06 13:07:38 | Deep Dive |
| CVE-2024-10681 | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | reputeinfosystems | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | Medium | 6.3 | 2024-12-06 09:23:00 | Deep Dive |
| CVE-2024-11453 | WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | samdani | GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets | Medium | 6.4 | 2024-12-03 07:34:54 | Deep Dive |