| CVE-2024-37477 | WordPress Newspack Content Converter plugin <= 0.1.5 - Broken Access Control vulnerability | Automattic | Newspack Content Converter | Medium | 6.5 | 2024-11-01 14:18:17 | Deep Dive |
| CVE-2024-49671 | WordPress AI Postpix plugin <= 1.1.8 - Arbitrary File Upload vulnerability | Dogu Pekgoz | AI Image Generator for Your Content & Featured Images – AI Postpix | - | - | 2024-10-23 15:34:23 | Deep Dive |
| CVE-2024-49306 | WordPress WP Content Copy Protection & No Right Click plugin <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability | wp-buy | WP Content Copy Protection & No Right Click | Medium | 5.3 | 2024-10-20 10:13:40 | Deep Dive |
| CVE-2024-9892 | Add Widget After Content <= 2.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting | apintop | Add Widget After Content | Medium | 4.4 | 2024-10-18 04:32:57 | Deep Dive |
| CVE-2019-25213 | Advanced Access Manager <= 5.9.8.1 - Unauthenticated Arbitrary File Read | vasyltech | Advanced Access Manager – Access Governance for WordPress | Critical | 9.8 | 2024-10-16 06:43:32 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-9436 | PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.14 - Reflected Cross-Site Scripting | publishpress | PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes | Medium | 6.1 | 2024-10-11 06:50:18 | Deep Dive |
| CVE-2024-7963 | CMSMasters Content Composer <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | cmsmasters | CMSMasters Content Composer | Medium | 6.4 | 2024-10-09 02:01:17 | Deep Dive |
| CVE-2024-47306 | WordPress Secure Copy Content Protection and Content Locking plugin <= 4.2.3 - Cross Site Scripting (XSS) vulnerability | Ays Pro | Secure Copy Content Protection and Content Locking | High | 7.1 | 2024-10-06 11:33:10 | Deep Dive |
| CVE-2024-8519 | Ultimate Member <= 2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 6.4 | 2024-10-04 02:32:23 | Deep Dive |
| CVE-2024-8520 | Ultimate Member <= 2.8.6 - Cross-Site Request Forgery to Membership Status Change | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 5.3 | 2024-10-04 02:32:22 | Deep Dive |
| CVE-2024-9222 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.12.8 - Reflected Cross-Site Scripting | cozmoslabs | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | Medium | 6.1 | 2024-10-02 07:35:28 | Deep Dive |
| CVE-2024-7714 | AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls | Unknown | AI ChatBot with ChatGPT and Content Generator by AYS | - | - | 2024-09-27 06:00:06 | Deep Dive |
| CVE-2024-7713 | AI Chatbot with ChatGPT by AYS <= 2.0.9 - Unauthenticated OpenAI Key Disclosure | Unknown | AI ChatBot with ChatGPT and Content Generator by AYS | - | - | 2024-09-27 06:00:05 | Deep Dive |
| CVE-2024-8483 | MAS Static Content <= 1.0.8 - Authenticated (Contributor+) Private Static Content Page Disclosure | madrasthemes | MAS Static Content | Medium | 4.3 | 2024-09-25 02:05:17 | Deep Dive |
| CVE-2024-44051 | WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.5 - Cross Site Scripting (XSS) vulnerability | Johan van der Wijk | Content Blocks (Custom Post Widget) | Medium | 6.5 | 2024-09-17 22:19:17 | Deep Dive |
| CVE-2024-8246 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.11 - Authenticated (Contributor+) Privilege Escalation | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | High | 8.8 | 2024-09-14 03:19:27 | Deep Dive |
| CVE-2024-8689 | ActiveMQ Content Pack: Cleartext Exposure of Credentials | Palo Alto Networks | ActiveMQ Content Pack | - | - | 2024-09-11 16:42:16 | Deep Dive |
| CVE-2024-6888 | Secure Copy Content Protection and Content Locking < 4.1.7 - Admin+ Stored XSS | Unknown | Secure Copy Content Protection and Content Locking | - | - | 2024-09-04 06:00:04 | Deep Dive |
| CVE-2024-6889 | Secure Copy Content Protection and Content Locking < 4.1.7 - Admin+ Stored XSS | Unknown | Secure Copy Content Protection and Content Locking | - | - | 2024-09-04 06:00:04 | Deep Dive |