| CVE-2024-6709 | Sync Post With Other Site <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Post Creation and Update | kp4coder | Sync Post With Other Site | Medium | 4.3 | 2024-08-03 11:37:38 | Deep Dive |
| CVE-2024-7302 | Blog2Social: Social Media Auto Post & Scheduler <= 7.5.4 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload | pr-gateway | Blog2Social: Social Media Auto Post & Scheduler | Medium | 6.4 | 2024-08-01 06:47:04 | Deep Dive |
| CVE-2024-6549 | Admin Post Navigation <= 2.1 - Unauthenticated Full Path Disclosure | coffee2code | Admin Post Navigation | Medium | 5.3 | 2024-07-27 01:51:05 | Deep Dive |
| CVE-2024-38728 | WordPress Seraphinite Post .DOCX Source plugin <= 2.16.9 - Server Side Request Forgery (SSRF) vulnerability | Seraphinite Solutions | Seraphinite Post .DOCX Source | High | 7.2 | 2024-07-22 10:22:56 | Deep Dive |
| CVE-2024-37101 | WordPress WP Post Author plugin <= 3.6.7 - Cross Site Scripting (XSS) vulnerability | AF themes | WP Post Author | Medium | 6.5 | 2024-07-22 09:56:00 | Deep Dive |
| CVE-2024-6848 | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via File Upload | boldgrid | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor | Medium | 6.4 | 2024-07-20 11:18:28 | Deep Dive |
| CVE-2024-37562 | WordPress Simple Post Notes plugin <= 1.7.7 - Cross Site Scripting (XSS) vulnerability | BracketSpace | Simple Post Notes | Medium | 5.9 | 2024-07-20 09:15:40 | Deep Dive |
| CVE-2024-38682 | WordPress Post Layouts for Gutenberg plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability | Techeshta | Post Layouts for Gutenberg | Medium | 6.5 | 2024-07-20 07:44:45 | Deep Dive |
| CVE-2024-38686 | WordPress FancyPost plugin <= 5.3.1 - Cross Site Scripting (XSS) vulnerability | Pluginic | FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor | Medium | 6.5 | 2024-07-20 07:40:06 | Deep Dive |
| CVE-2024-38750 | WordPress Advanced post slider plugin <= 3.0.0 - Cross Site Scripting (XSS) vulnerability | digontoahsan | Advanced post slider | Medium | 6.5 | 2024-07-20 07:13:53 | Deep Dive |
| CVE-2024-6621 | WP RSS Aggregator <= 4.23.11 - Missing Authorization to Authenticated (Subscriber+) Feed State Update | rebelcode | RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging | Medium | 4.3 | 2024-07-16 11:00:58 | Deep Dive |
| CVE-2024-6557 | SchedulePress <= 5.1.3 - Unauthenticated Full Path Disclosure | wpdevteam | SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher | Medium | 5.3 | 2024-07-16 04:31:29 | Deep Dive |
| CVE-2024-38735 | WordPress Event post plugin <= 5.9.5 - Local File Inclusion vulnerability | Bastien Ho | Event post | High | 7.5 | 2024-07-12 15:19:59 | Deep Dive |
| CVE-2024-2430 | Website Content in Page or Post < 2024.04.09 - Contributor+ Stored Cross-Site Scripting | Unknown | Website Content in Page or Post | Medium | - | 2024-07-12 06:00:05 | Deep Dive |
| CVE-2024-1375 | Event post <= 5.9.10 - Cross-Site Request Forgery | bastho | Event post | Medium | 4.3 | 2024-07-12 02:36:08 | Deep Dive |
| CVE-2024-6264 | Post Meta Data Manager <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | gandhihitesh9 | Post Meta Data Manager | Medium | 6.4 | 2024-07-02 11:01:36 | Deep Dive |
| CVE-2024-1427 | The Post Grid <= 7.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via section title tag | techlabpro1 | The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid | Medium | 6.4 | 2024-07-02 05:32:56 | Deep Dive |
| CVE-2024-5942 | Page and Post Clone <= 6.0 - Insecure Direct Object Reference to Authenticated (Author+) Sensitive Information Exposure | carlosfazenda | Fast Page & Post Duplicator | Medium | 4.3 | 2024-06-29 04:33:27 | Deep Dive |
| CVE-2024-5662 | Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) <= 3.11.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Count (Static) Widget | bdthemes | Ultimate Post Kit Addons for Elementor | Medium | 6.4 | 2024-06-28 08:33:29 | Deep Dive |
| CVE-2024-5503 | WP Blog Post Layouts <= 1.1.3 - Authenticated (Contributor+) Local File Inclusion | codevibrant | WP Blog Post Layouts | High | 8.8 | 2024-06-21 02:05:42 | Deep Dive |