| CVE-2024-10223 | HT Team Member <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via htteamember Shortcode | htplugins | WP Team – WordPress Team Member Plugin | Medium | 6.4 | 2024-10-30 06:43:36 | Deep Dive |
| CVE-2024-8871 | Pricing Tables WordPress Plugin – Easy Pricing Tables <= 3.2.5 - Reflected Cross-Site Scripting | fatcatapps | Pricing Table WordPress Plugin – Easy Pricing Tables | Medium | 6.1 | 2024-10-30 05:32:15 | Deep Dive |
| CVE-2024-50466 | WordPress DarkMySite – Advanced Dark Mode Plugin for WordPress plugin <= 1.2.8 - Cross Site Request Forgery (CSRF) vulnerability | DarkMySite | DarkMySite – Advanced Dark Mode Plugin for WordPress | Medium | 4.3 | 2024-10-29 16:34:22 | Deep Dive |
| CVE-2024-9613 | FormFacade – WordPress plugin for Google Forms <= 1.3.6 - Reflected Cross-Site Scripting | manidoraisamy | FormFacade – Embed Google Forms in your website | Medium | 6.1 | 2024-10-26 02:31:32 | Deep Dive |
| CVE-2024-9593 | Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Unauthenticated (Limited) Remote Code Execution | Scott Paterson | Time Clock Pro | High | 8.3 | 2024-10-18 17:32:31 | Deep Dive |
| CVE-2024-49280 | WordPress Lightbox slider -- Responsive Lightbox Gallery plugin <= 1.10.6 - Cross Site Scripting (XSS) vulnerability | Weblizar - WordPress Themes & Plugin | Lightbox slider – Responsive Lightbox Gallery | Medium | 6.5 | 2024-10-17 19:16:53 | Deep Dive |
| CVE-2024-49258 | WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Download vulnerability | Limbcode | WordPress Gallery Plugin – Limb Image Gallery | Medium | 6.5 | 2024-10-16 13:45:18 | Deep Dive |
| CVE-2024-49260 | WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Upload vulnerability | Limbcode | WordPress Gallery Plugin – Limb Image Gallery | Critical | 9.9 | 2024-10-16 13:38:04 | Deep Dive |
| CVE-2012-10018 | Mapplic Lite and Mapplic <= (Various Versions) - Server Side Request Forgery to Cross-Site Scripting | sekler | Mapplic Lite | High | 8.3 | 2024-10-16 06:43:33 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2020-36838 | Facebook Chat Plugin <= 1.5 - Missing Capabilities Check | facebook | Facebook Chat Plugin – Live Chat Plugin for WordPress | High | 7.4 | 2024-10-16 06:43:28 | Deep Dive |
| CVE-2024-9067 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Missing Authorization to Arbitrary (Subscriber+) Attachment Deletion | youzify | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 4.3 | 2024-10-10 02:06:13 | Deep Dive |
| CVE-2024-8987 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via youzify_media Shortcode | youzify | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 6.4 | 2024-10-10 02:06:05 | Deep Dive |
| CVE-2024-9575 | Local File Inclusion in pretix-widget WordPress plugin | rami.io GmbH | pretix Widget WordPress plugin | - | - | 2024-10-09 09:40:45 | Deep Dive |
| CVE-2024-8433 | Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting | themehunk | Easy Mega Menu for WordPress – ThemeHunk | Medium | 6.4 | 2024-10-08 09:33:14 | Deep Dive |
| CVE-2024-9375 | WordPress Captcha Plugin by Captcha Bank <= 4.0.36 - Reflected Cross-Site Scripting | contact-banker | WordPress Captcha Plugin by Captcha Bank | Medium | 6.1 | 2024-10-04 02:04:56 | Deep Dive |
| CVE-2024-9018 | WP Easy Gallery <= 4.8.5 - Authenticated (Contributor+) SQL Injection via key Parameter | hahncgdev | WP Easy Gallery – WordPress Gallery Plugin | High | 8.8 | 2024-10-01 08:30:17 | Deep Dive |
| CVE-2024-43237 | WordPress Tag Groups plugin <= 2.0.3 - Sensitive Data Exposure vulnerability | Steve Burge | WordPress Tag Cloud Plugin – Tag Groups | Medium | 5.3 | 2024-09-25 14:49:00 | Deep Dive |
| CVE-2024-8658 | myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification <= 2.7.3 - Missing Authorization to Unauthenticated Database Upgrade | saadiqbal | Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred | Medium | 5.3 | 2024-09-25 05:32:10 | Deep Dive |
| CVE-2024-8434 | Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Settings Updates | themehunk | Easy Mega Menu for WordPress – ThemeHunk | Medium | 4.3 | 2024-09-25 02:05:24 | Deep Dive |