| CVE-2024-10223 | HT Team Member <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via htteamember Shortcode | htplugins | WP Team – WordPress Team Member Plugin | Medium | 6.4 | 2024-10-30 06:43:36 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2023-51516 | WordPress Business Directory Plugin – Easy Listing Directories for WordPress plugin <= 6.3.9 - Broken Access Control vulnerability | Business Directory Team | Business Directory Plugin | Medium | 5.4 | 2024-06-14 00:58:48 | Deep Dive |
| CVE-2024-32514 | WordPress WP Poll Maker plugin <= 3.4 - Authenticated Arbitrary File Upload vulnerability | Poll Maker & Voting Plugin Team (InfoTheme) | WP Poll Maker | Critical | 9.9 | 2024-04-17 07:58:33 | Deep Dive |
| CVE-2024-32147 | WordPress Contact Form Plugin plugin <= 1.1.23 - Cross Site Scripting (XSS) vulnerability | Form Plugin Team - GhozyLab | Easy Contact Form Lite | Medium | 6.5 | 2024-04-15 06:32:09 | Deep Dive |
| CVE-2024-29818 | WordPress WP Poll Maker plugin <= 3.1 - Authenticated Cross Site Scripting (XSS) vulnerability | Poll Maker & Voting Plugin Team (InfoTheme) | WP Poll Maker | Medium | 5.9 | 2024-03-27 11:54:56 | Deep Dive |
| CVE-2024-24796 | WordPress Event Manager for WooCommerce Plugin <= 4.1.1 is vulnerable to PHP Object Injection | MagePeople Team | Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin | High | 8.2 | 2024-02-12 07:47:08 | Deep Dive |
| CVE-2023-47526 | WordPress Chartify Plugin <= 2.0.6 is vulnerable to Cross Site Scripting (XSS) | Chart Builder Team | Chartify – WordPress Chart Plugin | Medium | 5.9 | 2024-02-12 06:53:18 | Deep Dive |
| CVE-2022-45083 | WordPress ProfilePress Plugin <= 4.3.2 is vulnerable to PHP Object Injection | ProfilePress Membership Team | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.6 | 2024-01-19 14:37:19 | Deep Dive |
| CVE-2023-51538 | WordPress Awesome Support Plugin <= 6.1.5 is vulnerable to Cross Site Request Forgery (CSRF) | Awesome Support Team | Awesome Support – WordPress HelpDesk & Support Plugin | Medium | 4.3 | 2024-01-05 09:47:19 | Deep Dive |
| CVE-2023-51423 | WordPress WebinarIgnition Plugin <= 3.05.0 is vulnerable to SQL Injection | Saleswonder Team | Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings \| WebinarIgnition | Critical | 9.3 | 2023-12-31 17:52:40 | Deep Dive |
| CVE-2023-51422 | WordPress WebinarIgnition Plugin <= 3.05.0 is vulnerable to PHP Object Injection | Saleswonder Team | Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings \| WebinarIgnition | Critical | 9.9 | 2023-12-29 12:59:32 | Deep Dive |
| CVE-2022-47599 | WordPress File Manager Plugin <= 5.2.7 is vulnerable to PHP Object Injection | File Manager by Bit Form Team | File Manager – 100% Free & Open Source File Manager Plugin for WordPress \| Bit File Manager | Medium | 5.5 | 2023-12-20 17:42:54 | Deep Dive |
| CVE-2023-49860 | WordPress WP Project Manager Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS) | weDevs | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts | Medium | 6.5 | 2023-12-14 16:18:46 | Deep Dive |
| CVE-2023-5803 | WordPress Business Directory Plugin Plugin <= 6.3.10 is vulnerable to Cross Site Request Forgery (CSRF) | Business Directory Team | Business Directory Plugin – Easy Listing Directories for WordPress | Medium | 4.3 | 2023-11-30 15:57:06 | Deep Dive |
| CVE-2023-44150 | WordPress ProfilePress Plugin <= 4.13.2 is vulnerable to Sensitive Data Exposure | ProfilePress Membership Team | Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | High | 7.5 | 2023-11-30 14:50:36 | Deep Dive |
| CVE-2023-48323 | WordPress Awesome Support Plugin <= 6.1.4 is vulnerable to Cross Site Request Forgery (CSRF) | Awesome Support Team | Awesome Support – WordPress HelpDesk & Support Plugin | Medium | 4.3 | 2023-11-30 12:59:15 | Deep Dive |
| CVE-2023-34013 | WordPress Poll Maker Plugin <= 4.6.2 is vulnerable to Server Side Request Forgery (SSRF) | Poll Maker Team | Poll Maker – Best WordPress Poll Plugin | Medium | 4.4 | 2023-11-13 02:28:32 | Deep Dive |
| CVE-2023-3636 | WP Project Manager <= 2.6.4 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | High | 8.8 | 2023-08-31 05:33:09 | Deep Dive |
| CVE-2023-36383 | WordPress Event Manager for WooCommerce Plugin <= 3.9.5 is vulnerable to Cross Site Scripting (XSS) | MagePeople Team | Event Manager and Tickets Selling Plugin for WooCommerce | Medium | 5.9 | 2023-07-18 14:22:14 | Deep Dive |