| CVE-2024-56300 | WordPress Post/Page Copying Tool plugin <= 2.0.0 - Sensitive Data Exposure vulnerability | wpspin | Post/Page Copying Tool | High | 7.5 | 2025-01-07 10:49:07 | Deep Dive |
| CVE-2025-22355 | WordPress Kikx Simple Post Author Filter plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | asokaaso2 | Kikx Simple Post Author Filter | High | 7.1 | 2025-01-07 10:48:37 | Deep Dive |
| CVE-2024-10536 | FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor <= 6.0.0 - Missing Authorization to Authenticated (Subscriber+) Shortcode Export | wpqode | FancyPost – Post Blocks, Grids & Sliders for Block Editor and Elementor | Medium | 4.3 | 2025-01-07 05:24:09 | Deep Dive |
| CVE-2024-12471 | Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload | postsaint | Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator | High | 8.8 | 2025-01-07 05:23:58 | Deep Dive |
| CVE-2024-12252 | SEO LAT Auto Post <= 2.2.1 - Missing Authorization to File Overwrite/Upload (Remote Code Execution) | seobeginner | SEO LAT Auto Post | Critical | 9.8 | 2025-01-07 04:22:02 | Deep Dive |
| CVE-2024-12538 | Duplicate Post, Page and Any Custom Post <= 3.5.5 - Authenticated (Contributor+) Post Disclosure via Post Duplication | binsaifullah | Duplicate Post, Page and Any Custom Post | Medium | 4.3 | 2025-01-07 03:22:00 | Deep Dive |
| CVE-2022-45811 | WordPress Post Teaser plugin <= 4.1.5 - Auth. Broken Access Control vulnerability | WeyHan Ng | Post Teaser | Medium | 5.4 | 2025-01-02 15:08:57 | Deep Dive |
| CVE-2024-56268 | WordPress Post Grid Elementor Addon plugin <= 2.0.18 - Cross Site Scripting (XSS) vulnerability | hookandhook | Post Grid Elementor Addon | Medium | 6.5 | 2025-01-02 12:22:09 | Deep Dive |
| CVE-2024-56247 | WordPress WP Post Author plugin <= 3.8.2 - SQL Injection vulnerability | AF themes | WP Post Author | High | 7.6 | 2025-01-02 12:01:21 | Deep Dive |
| CVE-2024-56021 | WordPress Category Post Shortcode Plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability | ibnuyahya | Category Post Shortcode | Medium | 6.5 | 2024-12-31 23:08:29 | Deep Dive |
| CVE-2024-11938 | One Click Upsell Funnel for WooCommerce <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via wps_wocuf_pro_yes Shortcode | wpswings | One Click Upsell Funnel for Woocommerce | Medium | 6.4 | 2024-12-21 07:03:00 | Deep Dive |
| CVE-2024-11977 | kk Star Ratings – Rate Post & Collect User Feedbacks <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution | properfraction | kk Star Ratings – Rate Post & Collect User Feedbacks | High | 7.3 | 2024-12-21 05:31:02 | Deep Dive |
| CVE-2024-11878 | Category Post Slider <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | gbsdeveloper | Category Post Slider | Medium | 6.4 | 2024-12-20 06:59:11 | Deep Dive |
| CVE-2024-11297 | Page Restriction WordPress (WP) – Protect WP Pages/Post <= 1.3.6 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | cyberlord92 | Page and Post Restriction | Medium | 5.3 | 2024-12-20 06:59:07 | Deep Dive |
| CVE-2024-54428 | WordPress Add image to Post plugin <= 0.6 - CSRF to Stored XSS vulnerability | onigetoc | Add image to Post | High | 7.1 | 2024-12-16 14:13:48 | Deep Dive |
| CVE-2024-56012 | WordPress Flash News / Post (Responsive) plugin <= 4.1 - CSRF to Privilege Escalation vulnerability | lizeipe | Flash News / Post (Responsive) | Critical | 9.8 | 2024-12-16 14:13:40 | Deep Dive |
| CVE-2024-12446 | Post to Pdf <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | gravitymaster97 | PDF Generator for Posts & Pages – Export Any Post Type to PDF | Medium | 6.4 | 2024-12-14 06:45:14 | Deep Dive |
| CVE-2024-12447 | Get Post Content Shortcode <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode | webdeveric | Get Post Content Shortcode | Medium | 4.3 | 2024-12-14 04:23:46 | Deep Dive |
| CVE-2024-11770 | Post Carousel & Slider <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | tarakpatel18 | Post Carousel & Slider | Medium | 6.4 | 2024-12-14 04:23:42 | Deep Dive |
| CVE-2024-54349 | WordPress Plain Post plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability | mashiurz | Plain Post | Medium | 6.5 | 2024-12-13 14:25:43 | Deep Dive |