| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-49860 | WordPress WP Project Manager Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS) | weDevs | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts | Medium | 6.5 | 2023-12-14 16:18:46 | Deep Dive |
| CVE-2023-49746 | WordPress SpeedyCache Plugin <= 1.1.2 is vulnerable to Server Side Request Forgery (SSRF) | Softaculous Team | SpeedyCache – Cache, Optimization, Performance | Medium | 4.9 | 2023-12-07 10:50:20 | Deep Dive |
| CVE-2023-47870 | WordPress wpForo Forum Plugin <= 2.2.6 is vulnerable to Broken Access Control and Cross Site Request Forgery (CSRF) | gVectors Team | wpForo Forum | High | 7.1 | 2023-11-30 17:26:37 | Deep Dive |
| CVE-2023-47872 | WordPress wpForo Forum Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS) | gVectors Team | wpForo Forum | Medium | 6.5 | 2023-11-30 16:46:53 | Deep Dive |
| CVE-2023-5803 | WordPress Business Directory Plugin Plugin <= 6.3.10 is vulnerable to Cross Site Request Forgery (CSRF) | Business Directory Team | Business Directory Plugin – Easy Listing Directories for WordPress | Medium | 4.3 | 2023-11-30 15:57:06 | Deep Dive |
| CVE-2023-44150 | WordPress ProfilePress Plugin <= 4.13.2 is vulnerable to Sensitive Data Exposure | ProfilePress Membership Team | Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | High | 7.5 | 2023-11-30 14:50:36 | Deep Dive |
| CVE-2023-48323 | WordPress Awesome Support Plugin <= 6.1.4 is vulnerable to Cross Site Request Forgery (CSRF) | Awesome Support Team | Awesome Support – WordPress HelpDesk & Support Plugin | Medium | 4.3 | 2023-11-30 12:59:15 | Deep Dive |
| CVE-2023-40680 | WordPress Yoast SEO Plugin <= 21.0 is vulnerable to Cross Site Scripting (XSS) | Team Yoast | Yoast SEO | Medium | 5.9 | 2023-11-30 12:21:55 | Deep Dive |
| CVE-2023-47816 | WordPress Charitable Plugin <= 1.7.0.13 is vulnerable to Cross Site Scripting (XSS) | Charitable Donations & Fundraising Team | Donation Forms by Charitable | Medium | 6.5 | 2023-11-22 22:57:25 | Deep Dive |
| CVE-2023-47773 | WordPress Permalinks Customizer Plugin <= 2.8.2 is vulnerable to Cross Site Scripting (XSS) | YAS Global Team | Permalinks Customizer | High | 7.1 | 2023-11-22 22:05:15 | Deep Dive |
| CVE-2023-30496 | WordPress Bus Ticket Booking with Seat Reservation Plugin <= 5.2.5 is vulnerable to Cross Site Scripting (XSS) | MagePeople Team | WpBusTicketly | High | 7.1 | 2023-11-22 19:46:37 | Deep Dive |
| CVE-2023-47775 | WordPress wpDiscuz Plugin <= 7.6.11 is vulnerable to Cross Site Request Forgery (CSRF) | gVectors Team | Comments — wpDiscuz | Medium | 4.3 | 2023-11-22 18:23:55 | Deep Dive |
| CVE-2023-32957 | WordPress Team Members Showcase Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS) | Dazzlersoft | Team Members Showcase | Medium | 5.9 | 2023-11-16 19:52:37 | Deep Dive |
| CVE-2023-34013 | WordPress Poll Maker Plugin <= 4.6.2 is vulnerable to Server Side Request Forgery (SSRF) | Poll Maker Team | Poll Maker – Best WordPress Poll Plugin | Medium | 4.4 | 2023-11-13 02:28:32 | Deep Dive |
| CVE-2023-47185 | WordPress wpDiscuz Plugin <= 7.6.11 is vulnerable to Cross Site Scripting (XSS) | gVectors Team | Comments — wpDiscuz | 中危 | - | 2023-11-06 10:56:34 | Deep Dive |
| CVE-2023-46153 | WordPress User Feedback Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS) | UserFeedback Team | User Feedback | High | 7.1 | 2023-10-27 07:39:17 | Deep Dive |
| CVE-2023-5639 | Team Showcase <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | themepoints | Team Showcase – Responsive Team Members Grid, Slider & Carousel Plugin | Medium | 6.4 | 2023-10-19 01:53:50 | Deep Dive |
| CVE-2023-45071 | WordPress Form Maker by 10Web Plugin <= 1.15.18 is vulnerable to Cross Site Scripting (XSS) | 10Web Form Builder Team | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | High | 7.1 | 2023-10-18 12:38:56 | Deep Dive |
| CVE-2023-45070 | WordPress Form Maker by 10Web Plugin <= 1.15.18 is vulnerable to Cross Site Scripting (XSS) | 10Web Form Builder Team | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | High | 7.1 | 2023-10-18 12:34:30 | Deep Dive |
| CVE-2023-38000 | Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress core and Gutenberg plugin via Navigation Links Block | WordPress.org | WordPress | Medium | 6.5 | 2023-10-13 09:55:55 | Deep Dive |