| CVE-2024-1407 | Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery to Membership Modification | strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | Medium | 5.4 | 2024-06-19 06:55:47 | Deep Dive |
| CVE-2024-4371 | CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Unauthenticated PHP Object Injection | codexpert | CoDesigner – All in One Elementor WooCommerce Builder | Critical | 9.0 | 2024-06-13 08:31:33 | Deep Dive |
| CVE-2024-4564 | CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | codexpert | CoDesigner – All in One Elementor WooCommerce Builder | Medium | 6.4 | 2024-06-12 03:33:15 | Deep Dive |
| CVE-2024-5453 | ProfileGrid <= 5.8.6 - Missing Authorization | metagauss | ProfileGrid – User Profiles, Groups and Communities | Medium | 4.3 | 2024-06-05 07:34:56 | Deep Dive |
| CVE-2024-5149 | BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | Medium | 6.5 | 2024-06-05 04:32:25 | Deep Dive |
| CVE-2024-4958 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | High | 7.1 | 2024-06-01 07:35:57 | Deep Dive |
| CVE-2024-2861 | ProfilePress <= 4.15.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-05-23 09:32:33 | Deep Dive |
| CVE-2023-47682 | WordPress WP User Frontend plugin <= 3.6.5 - Authenticated Privilege Escalation vulnerability | weDevs | WP User Frontend | High | 7.2 | 2024-05-17 08:36:13 | Deep Dive |
| CVE-2024-2637 | Insecure Loading of Code in B&R Products | B&R Industrial Automation | Scene Viewer | High | 7.2 | 2024-05-14 18:49:29 | Deep Dive |
| CVE-2024-1716 | Admin Bar Remover <= 1.0.2.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update | litonice13 | Admin Bar Editor – Toolbar Customization with User Role based access & Custom menus | Medium | 4.3 | 2024-05-02 16:52:46 | Deep Dive |
| CVE-2024-2417 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | High | 8.8 | 2024-05-02 16:52:42 | Deep Dive |
| CVE-2024-3606 | ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.8.3 - Missing Authorization | metagauss | ProfileGrid – User Profiles, Groups and Communities | Medium | 4.3 | 2024-05-02 16:52:34 | Deep Dive |
| CVE-2024-3215 | Paid Memberships Pro <= 3.0.1 - Cross-Site Request Forgery | strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | Medium | 5.3 | 2024-05-02 16:52:30 | Deep Dive |
| CVE-2024-2765 | Ultimate Member <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 5.4 | 2024-05-02 16:52:22 | Deep Dive |
| CVE-2024-3295 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media Deletion | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.5 | 2024-05-02 16:52:21 | Deep Dive |
| CVE-2024-2967 | Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor <= 4.4.7 - Authenticated (Admin+) Stored Cross-Site Scripting | aharonyan | Guest posting / Frontend Posting / Front Editor – WP Front User Submit | Medium | 4.4 | 2024-05-02 16:52:19 | Deep Dive |
| CVE-2024-4133 | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.30 - Open Redirect | reputeinfosystems | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | Medium | 6.1 | 2024-05-02 16:52:18 | Deep Dive |
| CVE-2024-2867 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-05-02 16:52:05 | Deep Dive |
| CVE-2024-33575 | WordPress User Meta plugin <= 3.0 - Sensitive Data Exposure vulnerability | User Meta | User Meta | Medium | 5.3 | 2024-04-29 07:48:14 | Deep Dive |
| CVE-2023-51484 | WordPress Login as User or Customer plugin <= 3.8 - Unauthenticated Account Takeover vulnerability | wp-buy | Login as User or Customer (User Switching) | Critical | 9.8 | 2024-04-25 08:24:44 | Deep Dive |