| CVE-2024-32787 | WordPress Secure Copy Content Protection and Content Locking plugin <= 3.7.1 - Broken Access Control vulnerability | Copy Content Protection Team | Secure Copy Content Protection and Content Locking | Medium | 4.3 | 2024-06-09 13:00:52 | Deep Dive |
| CVE-2024-32824 | WordPress Evergreen Content Poster plugin <= 1.4.2 - Broken Access Control vulnerability | Evergreen Content Poster | Evergreen Content Poster | Medium | 5.4 | 2024-06-09 12:14:48 | Deep Dive |
| CVE-2024-5149 | BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | Medium | 6.5 | 2024-06-05 04:32:25 | Deep Dive |
| CVE-2024-0756 | Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Iframe Injection | Unknown | Insert or Embed Articulate Content into WordPress | - | - | 2024-06-04 14:28:08 | Deep Dive |
| CVE-2023-45053 | WordPress WP Content Pilot plugin <= 1.3.3 - HTML Injection vulnerability | pluginever | WP Content Pilot – Autoblogging & Affiliate Marketing Plugin | Medium | 4.3 | 2024-06-04 09:14:33 | Deep Dive |
| CVE-2024-0757 | Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE | Unknown | Insert or Embed Articulate Content into WordPress | - | - | 2024-06-04 06:00:02 | Deep Dive |
| CVE-2024-3564 | Content Blocks (Custom Post Widget) <= 3.3.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode | vanderwijk | Content Blocks (Custom Post Widget) | High | 8.8 | 2024-06-01 03:31:17 | Deep Dive |
| CVE-2024-3565 | Content Blocks (Custom Post Widget) <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_block Shortcode | vanderwijk | Content Blocks (Custom Post Widget) | Medium | 6.4 | 2024-06-01 03:31:17 | Deep Dive |
| CVE-2024-2089 | Remote Content Shortcode <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | doublesharp | Remote Content Shortcode | Medium | 5.4 | 2024-05-30 08:30:13 | Deep Dive |
| CVE-2024-2861 | ProfilePress <= 4.15.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-05-23 09:32:33 | Deep Dive |
| CVE-2023-45652 | WordPress Remote Content Shortcode plugin <= 1.5 - Local File Inclusion vulnerability | Justin Silver | Remote Content Shortcode | Medium | 6.5 | 2024-05-17 08:32:26 | Deep Dive |
| CVE-2024-31351 | WordPress Copymatic plugin <= 1.6 - Unauthenticated Arbitrary File Upload vulnerability | Copymatic | Copymatic – AI Content Writer & Generator | Critical | 10.0 | 2024-05-17 06:15:21 | Deep Dive |
| CVE-2024-0437 | Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease <= 2.6.6 - Missing Authorization to Sensitive Information Exposure | saadiqbal | Password Protected — Lock Entire Site, Pages, Posts, Categories, and Partial Content | Medium | 4.3 | 2024-05-14 23:31:47 | Deep Dive |
| CVE-2024-3956 | Pods – Custom Content Types and Fields <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pod Form Redirect URL | sc0ttkclark | Pods – Custom Content Types and Fields | Medium | 5.4 | 2024-05-10 08:32:34 | Deep Dive |
| CVE-2024-4446 | Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter | pt-guy | Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor) | Medium | 6.4 | 2024-05-09 20:03:30 | Deep Dive |
| CVE-2024-34424 | WordPress Featured Content Gallery plugin <= 3.2.0 - Cross Site Scripting (XSS) vulnerability | iePlexus | Featured Content Gallery | Medium | 5.9 | 2024-05-09 11:21:43 | Deep Dive |
| CVE-2024-34566 | WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.0 - Cross Site Scripting (XSS) vulnerability | Johan van der Wijk | Content Blocks (Custom Post Widget) | Medium | 6.5 | 2024-05-08 10:55:00 | Deep Dive |
| CVE-2024-3215 | Paid Memberships Pro <= 3.0.1 - Cross-Site Request Forgery | strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | Medium | 5.3 | 2024-05-02 16:52:30 | Deep Dive |
| CVE-2024-0615 | Content Control <= 2.1.0 - Missing Authorization to Sensitive Information Exposure | danieliser | Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More | Medium | 5.3 | 2024-05-02 16:52:28 | Deep Dive |
| CVE-2024-2765 | Ultimate Member <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 5.4 | 2024-05-02 16:52:22 | Deep Dive |