| CVE-2024-37929 | WordPress User Activity Log Pro plugin <= 2.3.4 - Subscriber+ Multiple Broken Access Control vulnerability | solwin | User Activity Log Pro | Medium | 6.3 | 2024-11-01 14:18:10 | Deep Dive |
| CVE-2024-50503 | WordPress User Toolkit plugin <= 1.2.3 - Account Takeover vulnerability | Deryck | User Toolkit | Critical | 9.8 | 2024-10-30 07:37:12 | Deep Dive |
| CVE-2024-9890 | User Toolkit <= 1.2.3 - Authenticated (Subscriber+) Authentication Bypass | deryck | User Toolkit | High | 8.8 | 2024-10-26 01:58:35 | Deep Dive |
| CVE-2024-49675 | WordPress iBryl Switch User plugin <= 1.0.1 - Account Takeover vulnerability | Vitalii | iBryl Switch User | High | 8.8 | 2024-10-23 15:11:20 | Deep Dive |
| CVE-2024-49604 | WordPress Simple User Registration plugin <= 6.7 - Broken Authentication vulnerability | N-Media | Simple User Registration | Critical | 9.8 | 2024-10-20 07:56:33 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-9873 | Community by PeepSo <= 6.4.6.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting | peepso | Community by PeepSo – Download from PeepSo.com | Medium | 5.4 | 2024-10-16 05:31:56 | Deep Dive |
| CVE-2024-8757 | Boost Your Blog's Engagement with WP Post Author <= 3.8.1 - Authenticated (Administrator+) SQL Injection | afthemes | WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars | High | 7.2 | 2024-10-12 09:39:19 | Deep Dive |
| CVE-2024-9067 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Missing Authorization to Arbitrary (Subscriber+) Attachment Deletion | youzify | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 4.3 | 2024-10-10 02:06:13 | Deep Dive |
| CVE-2024-9520 | UserPlus <= 2.0 - Missing Authorization via Multiple Functions | userplus | User registration & user profile – UserPlus | Medium | 6.3 | 2024-10-10 02:06:13 | Deep Dive |
| CVE-2024-9518 | UserPlus <= 2.0 - Unauthenticated Privilege Escalation | userplus | User registration & user profile – UserPlus | Critical | 9.8 | 2024-10-10 02:06:06 | Deep Dive |
| CVE-2024-8987 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via youzify_media Shortcode | youzify | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 6.4 | 2024-10-10 02:06:05 | Deep Dive |
| CVE-2024-9205 | Maximum Products per User for WooCommerce <= 4.2.8 - Reflected Cross-Site Scripting | wpcodefactory | Maximum Products per User for WooCommerce | Medium | 6.1 | 2024-10-10 02:06:04 | Deep Dive |
| CVE-2024-9519 | UserPlus <= 2.0 - Authenticated (Editor+) Registration Form Update to Privilege Escalation | userplus | User registration & user profile – UserPlus | High | 7.2 | 2024-10-10 02:06:04 | Deep Dive |
| CVE-2024-8519 | Ultimate Member <= 2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 6.4 | 2024-10-04 02:32:23 | Deep Dive |
| CVE-2024-8520 | Ultimate Member <= 2.8.6 - Cross-Site Request Forgery to Membership Status Change | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 5.3 | 2024-10-04 02:32:22 | Deep Dive |
| CVE-2024-8861 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | metagauss | ProfileGrid – User Profiles, Groups and Communities | Medium | 6.4 | 2024-09-26 07:34:37 | Deep Dive |
| CVE-2024-7426 | Community by PeepSo – Social Network, Membership, Registration, User Profiles <= 6.4.6.0 - Unauthenticated Full Path Disclosure | peepso | Community by PeepSo – Download from PeepSo.com | Medium | 5.3 | 2024-09-25 02:05:05 | Deep Dive |
| CVE-2024-8246 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.11 - Authenticated (Contributor+) Privilege Escalation | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | High | 8.8 | 2024-09-14 03:19:27 | Deep Dive |
| CVE-2024-7618 | Community by PeepSo – Social Network, Membership, Registration, User Profiles <= 6.4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via content Parameter | peepso | Community by PeepSo – Download from PeepSo.com | Medium | 4.4 | 2024-09-10 07:30:04 | Deep Dive |