| CVE-2024-2082 | EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.7 - Unauthenticated Stored Cross-Site Scripting | cscode | EleForms – All In One Form Integration including DB for Elementor | High | 7.2 | 2024-05-02 16:52:41 | Deep Dive |
| CVE-2023-7067 | ShopLentor <= 2.8.1 - Improper Authorization via woolentor_template_store | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 4.3 | 2024-05-02 16:52:21 | Deep Dive |
| CVE-2024-2043 | EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.7 - Missing Authorization to Sensitive Information Exposure | cscode | EleForms – All In One Form Integration including DB for Elementor | Medium | 5.3 | 2024-05-02 16:52:13 | Deep Dive |
| CVE-2024-3991 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.7 - Authenticated (contributor+) Stored Cross-Site Scripting via _id | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2024-05-02 16:52:08 | Deep Dive |
| CVE-2024-3554 | All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | smub | All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic | Medium | 6.4 | 2024-05-02 16:51:54 | Deep Dive |
| CVE-2024-3206 | Different Menu in Different Pages – Control Menu Visibility (All in One) <= 2.3.2 - Missing Authorization to Menu Duplication | recorp | Different Menu in Different Pages – Conditional Menu | Medium | 4.3 | 2024-05-02 16:51:52 | Deep Dive |
| CVE-2024-31413 | Omron Sysmac Studio 安全漏洞 | OMRON Corporation | CX-One CX-One CXONE-AL[][]D-V4 | 高危 | - | 2024-05-01 12:54:15 | Deep Dive |
| CVE-2024-32815 | WordPress All-in-one Like Widget plugin <= 2.2.7 - Cross Site Scripting (XSS) vulnerability | Jeroen Peters | All-in-one Like Widget | Medium | 5.9 | 2024-04-24 08:36:21 | Deep Dive |
| CVE-2024-0900 | Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! <= 2.1.2 - Missing Authorization to Subscriber+ Arbitrary Post Creation | elespare | EleSpare – News, Magazine and Blog Addons for Elementor | Medium | 4.3 | 2024-04-23 08:32:54 | Deep Dive |
| CVE-2024-1057 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2024-04-20 01:56:38 | Deep Dive |
| CVE-2024-2137 | All-in-One Addons for Elementor – WidgetKit <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Widgets | shamsbd71 | All-in-One Addons for Elementor – WidgetKit | Medium | 6.4 | 2024-04-12 02:33:16 | Deep Dive |
| CVE-2024-32106 | WordPress WP Compress plugin <= 6.10.35 - Cross Site Request Forgery (CSRF) vulnerability | WP Compress | WP Compress – Image Optimizer [All-In-One] | Medium | 4.3 | 2024-04-11 13:00:38 | Deep Dive |
| CVE-2024-2093 | VK All in One Expansion Unit <= 9.95.0.1 - Information Exposure | kurudrive | VK All in One Expansion Unit | Medium | 6.5 | 2024-04-09 18:59:31 | Deep Dive |
| CVE-2024-2946 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.4 - Authenticated (Contributor+) Stored Cross-site Scripting via QR Code Widget | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2024-04-09 18:59:26 | Deep Dive |
| CVE-2024-1934 | WP Compress – Image Optimizer <= 6.11.08 - Missing Authorization to Unauthenticated CDN Modification | aresit | WP Compress – Instant Performance & Speed Optimization | High | 7.5 | 2024-04-09 18:59:06 | Deep Dive |
| CVE-2023-7046 | WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score <= 7.0 - Sensitive Information Exposure via insufficiently protected files | gowebsmarty | WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan | High | 7.5 | 2024-04-09 18:59:01 | Deep Dive |
| CVE-2024-1960 | ShopLentor <= 2.8.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Banner Link | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2024-04-09 18:58:43 | Deep Dive |
| CVE-2024-2868 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Universal Product Layout | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2024-04-04 01:56:45 | Deep Dive |
| CVE-2024-30468 | WordPress All-In-One Security (AIOS) – Security and Firewall plugin <= 5.2.6 - Cross Site Request Forgery (CSRF) vulnerability | All In One WP Security & Firewall Team | All In One WP Security & Firewall | Medium | 4.3 | 2024-03-29 16:20:43 | Deep Dive |
| CVE-2024-30506 | WordPress All In One Redirection plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability | Vsourz Digital | All In One Redirection | High | 7.1 | 2024-03-29 14:13:12 | Deep Dive |