| CVE-2024-54287 | WordPress Advanced Blog Post Block plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability | Best WP Developer | Advanced Blog Post Block | Medium | 6.5 | 2024-12-13 14:25:04 | Deep Dive |
| CVE-2023-41689 | WordPress Post to Google My Business (Google Business Profile) plugin <= 3.1.14 - Broken Access Control vulnerability | Koen Reus | Post to Google My Business (Google Business Profile) | Medium | 4.3 | 2024-12-13 14:24:14 | Deep Dive |
| CVE-2023-36526 | WordPress Duplicate Post Page Menu & Custom Post Type plugin <= 3.0.1 - Broken Access Control vulnerability | Attinder Singh | Duplicate Post Page Menu & Custom Post Type | Medium | 5.4 | 2024-12-13 14:23:44 | Deep Dive |
| CVE-2023-36518 | WordPress Post Hit Counter plugin <= 1.3.2 - Broken Access Control | Hugh Lashbrooke | Post Hit Counter | Medium | 4.3 | 2024-12-13 14:23:43 | Deep Dive |
| CVE-2022-46846 | WordPress Trending/Popular Post Slider and Widget plugin <= 1.5.7 - Broken Access Control vulnerability | WP OnlineSupport, Essential Plugin | Trending/Popular Post Slider and Widget | Medium | 5.3 | 2024-12-13 14:22:09 | Deep Dive |
| CVE-2024-12309 | Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts | properfraction | Rate My Post – Star Rating Plugin by FeedbackWP | Medium | 5.3 | 2024-12-13 08:24:52 | Deep Dive |
| CVE-2024-11709 | AI Post Generator \| AutoWriter <= 3.5 - Missing Authorization to Authenticated (Contributor+) Post/Page Deletion | kekotron | AI Post Generator \| AutoWriter | Medium | 4.3 | 2024-12-12 04:23:16 | Deep Dive |
| CVE-2024-12156 | AI Content Writer, RSS Feed to Post, Autoblogging SEO Help <= 6.1.3 - Reflected Cross-Site Scripting | quantumcloud | QC SEO Help for llms.txt, AI Analytics, AI Content Writer, Subtitle to Article | Medium | 6.1 | 2024-12-12 04:23:15 | Deep Dive |
| CVE-2023-30488 | WordPress Featured Post Creative plugin <= 1.2.7 - Broken Access Control vulnerability | WP OnlineSupport, Essential Plugin | Featured Post Creative | Medium | 5.3 | 2024-12-09 11:31:05 | Deep Dive |
| CVE-2023-31073 | WordPress Shortcode to display post and user data plugin <= 1.2.0 - Broken Access Control vulnerability | Jose Vega | Display custom fields in the frontend – Post and User Profile Fields | Medium | 4.3 | 2024-12-09 11:31:00 | Deep Dive |
| CVE-2023-31214 | WordPress WP Quick Post Duplicator plugin <= 2.0 - Broken Access Control vulnerability | Arul Prasad J | WP Quick Post Duplicator | Medium | 5.4 | 2024-12-09 11:30:59 | Deep Dive |
| CVE-2023-32094 | WordPress Extended Post Status plugin <= 1.0.19 - Broken Access Control vulnerability | Felix W. | Extended Post Status | Medium | 5.4 | 2024-12-09 11:30:59 | Deep Dive |
| CVE-2023-48750 | WordPress Void Elementor Post Grid Addon for Elementor Page builder plugin <= 2.1.10 - Broken Access Control vulnerability | voidthemes | Void Elementor Post Grid Addon for Elementor Page builder | Medium | - | 2024-12-09 11:30:27 | Deep Dive |
| CVE-2023-49754 | WordPress Bulk Edit Post Titles plugin <= 5.0.0 - Broken Access Control vulnerability | Yogesh Pawar | Bulk Edit Post Titles | Medium | - | 2024-12-09 11:30:16 | Deep Dive |
| CVE-2023-49835 | WordPress Post Duplicator plugin <= 2.31 - Broken Access Control vulnerability | metaphorcreations | Post Duplicator | Medium | 4.3 | 2024-12-09 11:30:07 | Deep Dive |
| CVE-2024-4633 | Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.2.1 - Authenticated (Author+) Stored Cross-Site Scripting | averta | Depicter — Popup & Slider Builder | Medium | 6.4 | 2024-12-06 13:45:20 | Deep Dive |
| CVE-2024-5020 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | extendthemes | Colibri Page Builder | Medium | 6.4 | 2024-12-04 08:22:47 | Deep Dive |
| CVE-2024-52463 | WordPress Post By Email plugin <= 1.0.4b - Reflected Cross Site Scripting (XSS) vulnerability | Peter Westwood | Post By Email | High | 7.1 | 2024-12-02 13:49:04 | Deep Dive |
| CVE-2024-53725 | WordPress Post Hits Counter plugin <= 2.8.23 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability | aMiT | Post Hits Counter | High | 7.1 | 2024-12-02 13:48:41 | Deep Dive |
| CVE-2024-53769 | WordPress Custom Post Type to Map Store plugin <= 1.1.0 - CSRF to Stored XSS vulnerability | lriaudel | Custom Post Type to Map Store | High | 7.1 | 2024-12-02 13:48:32 | Deep Dive |