| CVE-2024-1389 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return | cozmoslabs | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | Medium | 5.3 | 2024-02-20 18:56:46 | Deep Dive |
| CVE-2024-0656 | Password Protected <= 2.6.6 - Authenticated (Admin+) Stored Cross-Site Scripting | saadiqbal | Password Protected — Lock Entire Site, Pages, Posts, Categories, and Partial Content | Medium | 4.4 | 2024-02-20 18:56:40 | Deep Dive |
| CVE-2024-1408 | ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via [edit-profile-text-box] shortcode | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-02-20 18:56:34 | Deep Dive |
| CVE-2024-1519 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.4 - Unauthenticated Stored Cross-Site Scripting | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.5 | 2024-02-20 18:56:31 | Deep Dive |
| CVE-2024-1570 | ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-02-20 18:56:30 | Deep Dive |
| CVE-2024-1390 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via creating_pricing_table_page | cozmoslabs | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | Medium | 4.3 | 2024-02-20 18:56:20 | Deep Dive |
| CVE-2024-0616 | Passster – Password Protect Pages and Content <= 4.2.6.2 - Missing Authorization to Sensitive Information Exposure | wpchill | Passster – Password Protect Pages and Content | Medium | 5.3 | 2024-02-20 18:56:18 | Deep Dive |
| CVE-2024-24928 | WordPress Content Cards Plugin <= 0.9.7 is vulnerable to Cross Site Scripting (XSS) | Arunas Liuiza | Content Cards | Medium | 6.5 | 2024-02-12 06:00:43 | Deep Dive |
| CVE-2023-51492 | WordPress If-So Dynamic Content Personalization Plugin <= 1.6.3.1 is vulnerable to Cross Site Scripting (XSS) | If So Plugin | If-So Dynamic Content Personalization | Medium | 6.5 | 2024-02-10 08:23:57 | Deep Dive |
| CVE-2024-0969 | ARMember <= 4.0.24 - Improper Access Control to Sensitive Information Exposure via REST API | reputeinfosystems | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | Medium | 5.3 | 2024-02-05 21:22:05 | Deep Dive |
| CVE-2024-0612 | Content Views <= 3.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings | pt-guy | Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor) | Medium | 4.4 | 2024-02-05 21:21:57 | Deep Dive |
| CVE-2024-1046 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-02-05 21:21:51 | Deep Dive |
| CVE-2023-6985 | 10Web AI Assistant – AI content writing assistant <= 1.0.18 - Missing Authorization to Arbitrary Plugin Installation | 10web | 10Web AI Assistant – AI content writing assistant | Medium | 6.5 | 2024-02-05 21:21:37 | Deep Dive |
| CVE-2024-24839 | WordPress Structured Content Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS) | Gordon Böhme, Antonio Leutsch | Structured Content (JSON-LD) #wpsc | Medium | 6.5 | 2024-02-05 06:31:24 | Deep Dive |
| CVE-2024-0909 | Anonymous Restricted Content <= 1.6.2 - Protection Mechanism Bypass | cayenne | Anonymous Restricted Content | Medium | 5.3 | 2024-02-03 05:38:33 | Deep Dive |
| CVE-2023-51534 | WordPress Brave Popup Builder Plugin <= 0.6.2 is vulnerable to Cross Site Scripting (XSS) | Brave | Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content | Medium | 5.9 | 2024-02-01 10:31:21 | Deep Dive |
| CVE-2023-51674 | WordPress Advanced Access Manager Plugin <= 6.9.18 is vulnerable to Cross Site Scripting (XSS) | AAM | Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More | Medium | 6.5 | 2024-02-01 10:22:56 | Deep Dive |
| CVE-2024-0624 | Paid Memberships Pro <= 2.12.7 - Cross-Site Request Forgery to Level Orders Update | strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | Medium | 5.3 | 2024-01-25 01:55:03 | Deep Dive |
| CVE-2022-45083 | WordPress ProfilePress Plugin <= 4.3.2 is vulnerable to PHP Object Injection | ProfilePress Membership Team | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.6 | 2024-01-19 14:37:19 | Deep Dive |
| CVE-2024-20928 | Oracle Fusion Middleware Security Vulnerability | Oracle Corporation | WebCenter Content | Medium | 6.1 | 2024-01-16 21:41:17 | Deep Dive |