| CVE-2024-8757 | Boost Your Blog's Engagement with WP Post Author <= 3.8.1 - Authenticated (Administrator+) SQL Injection | afthemes | WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars | High | 7.2 | 2024-10-12 09:39:19 | Deep Dive |
| CVE-2024-9051 | WP Ultimate Post Grid <= 3.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpupg-grid-with-filters Shortcode | brechtvds | WP Ultimate Post Grid | Medium | 6.4 | 2024-10-11 07:37:47 | Deep Dive |
| CVE-2024-47340 | WordPress ComboBlocks plugin <= 2.2.89 - Cross Site Scripting (XSS) vulnerability | PickPlugins | Post Grid and Gutenberg Blocks | Medium | 6.5 | 2024-10-06 10:51:25 | Deep Dive |
| CVE-2024-8352 | Social Web Suite – Social Media Auto Post, Social Media Auto Publish <= 4.1.11 - Directory Traversal to Arbitrary File Download | dejanmarkovic | Social Web Suite – Social Media Auto Post, Social Media Auto Publish | High | 7.5 | 2024-10-03 03:32:01 | Deep Dive |
| CVE-2024-9218 | Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid <= 1.3.14 - Reflected Cross-Site Scripting | wpblockart | Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid | Medium | 6.1 | 2024-10-02 08:31:51 | Deep Dive |
| CVE-2024-9265 | Echo RSS Feed Post Generator <= 5.4.6 - Unauthenticated Privilege Escalation | CodeRevolution | Echo RSS Feed Post Generator | Critical | 9.8 | 2024-10-01 08:30:18 | Deep Dive |
| CVE-2024-8288 | Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute | adreastrian | Guten Post Layout – An Advanced Post Grid Collection | Medium | 6.4 | 2024-10-01 08:30:15 | Deep Dive |
| CVE-2024-3635 | The Post Grid < 7.5.0 - Editor+ Stored XSS via Grid Creation | Unknown | The Post Grid | 中危 | - | 2024-09-30 06:00:06 | Deep Dive |
| CVE-2024-44051 | WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.5 - Cross Site Scripting (XSS) vulnerability | Johan van der Wijk | Content Blocks (Custom Post Widget) | Medium | 6.5 | 2024-09-17 22:19:17 | Deep Dive |
| CVE-2024-8246 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.11 - Authenticated (Contributor+) Privilege Escalation | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | High | 8.8 | 2024-09-14 03:19:27 | Deep Dive |
| CVE-2024-6544 | Custom Post Limits <= 4.4.1 - Unauthenticated Full Path Disclosure | coffee2code | Custom Post Limits | Medium | 5.3 | 2024-09-13 15:10:40 | Deep Dive |
| CVE-2024-8253 | Post Grid and Gutenberg Blocks 2.2.87 - 2.2.90 - Authenticated (Subscriber+) Privilege Escalation | pickplugins | Post Grid and Gutenberg Blocks | High | 8.8 | 2024-09-11 03:31:08 | Deep Dive |
| CVE-2024-8427 | Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update | wpshuffle | Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin | Medium | 4.3 | 2024-09-06 06:50:55 | Deep Dive |
| CVE-2024-8325 | Gutenberg Page Builder Blocks & Ready-Made Patterns Library <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | blockspare | BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor | Medium | 6.4 | 2024-09-04 05:31:00 | Deep Dive |
| CVE-2024-43921 | WordPress Generate Images – Magic Post Thumbnail plugin <= 5.2.9 - Cross Site Scripting (XSS) vulnerability | Magic Post Thumbnail | Magic Post Thumbnail | High | 7.1 | 2024-08-29 18:11:27 | Deep Dive |
| CVE-2024-7418 | The Post Grid <= 7.7.11 - Authenticated (Contributor+) Information Disclosure | techlabpro1 | The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid | Medium | 4.3 | 2024-08-29 03:52:58 | Deep Dive |
| CVE-2024-43281 | WordPress Void Elementor Post Grid Addon for Elementor Page builder plugin <= 2.3 - Local File Inclusion vulnerability | VOID CODERS | Void Elementor Post Grid Addon for Elementor Page builder | Medium | 5.3 | 2024-08-19 17:47:19 | Deep Dive |
| CVE-2024-43305 | WordPress Custom Layouts – Post + Product grids made easy plugin <= 1.4.11 - Cross Site Scripting (XSS) vulnerability | Code Amp | Custom Layouts – Post + Product grids made easy | Medium | 6.5 | 2024-08-18 14:23:41 | Deep Dive |
| CVE-2024-4389 | Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.1.1 - Authenticated (Contributor+) Arbitrary File Upload | averta | Depicter — Popup & Slider Builder | High | 8.8 | 2024-08-14 08:29:44 | Deep Dive |
| CVE-2024-43156 | WordPress Post Grid Master plugin <= 3.4.10 - Reflected Cross Site Scripting (XSS) vulnerability | AddonMaster | Post Grid Master | High | 7.1 | 2024-08-12 22:03:12 | Deep Dive |