| CVE-2024-3155 | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting | pickplugins | Post Grid | Medium | 6.4 | 2024-05-21 02:32:59 | Deep Dive |
| CVE-2024-33917 | WordPress WTI Like Post plugin <= 1.4.6 - IP Restriction Bypass vulnerability | webtechideas | WTI Like Post | Medium | 5.3 | 2024-05-17 08:13:54 | Deep Dive |
| CVE-2024-4400 | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | boldgrid | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor | Medium | 6.4 | 2024-05-16 11:05:29 | Deep Dive |
| CVE-2024-4546 | Custom Post Type Attachment <= 3.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via pdf_attachment Shortcode | avimegladon | Custom Post Type Attachment | Medium | 6.4 | 2024-05-16 07:32:43 | Deep Dive |
| CVE-2024-4363 | Visual Portfolio, Photo Gallery & Post Grid <= 3.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via title_tag Parameter | nko | Visual Portfolio, Photo Gallery & Post Grid | Medium | 6.4 | 2024-05-14 23:31:45 | Deep Dive |
| CVE-2024-3239 | PostX < 4.0.2 - Contributor+ Stored XSS | Unknown | Post Grid Gutenberg Blocks and WordPress Blog Plugin | Medium | - | 2024-05-13 06:00:01 | Deep Dive |
| CVE-2024-4446 | Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter | pt-guy | Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor) | Medium | 6.4 | 2024-05-09 20:03:30 | Deep Dive |
| CVE-2024-34430 | WordPress TT Custom Post Type Creator plugin <=1.0 - Cross Site Scripting (XSS) vulnerability | Rashed Latif | TT Custom Post Type Creator | Medium | 5.9 | 2024-05-09 11:12:10 | Deep Dive |
| CVE-2024-34566 | WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.0 - Cross Site Scripting (XSS) vulnerability | Johan van der Wijk | Content Blocks (Custom Post Widget) | Medium | 6.5 | 2024-05-08 10:55:00 | Deep Dive |
| CVE-2024-34372 | WordPress Post Grid Master plugin <= 3.4.7 - Broken Access Control vulnerability | AddonMaster | Post Grid Master | Medium | 5.3 | 2024-05-06 18:59:59 | Deep Dive |
| CVE-2024-34387 | WordPress WP Post Author plugin <= 3.6.4 - Rating Value Manipulation vulnerability | AF themes | WP Post Author | Medium | 4.3 | 2024-05-06 18:49:04 | Deep Dive |
| CVE-2024-34389 | WordPress WP Post Author plugin <= 3.6.4 - Broken Access Control vulnerability | AF themes | WP Post Author | Medium | 4.3 | 2024-05-06 18:42:15 | Deep Dive |
| CVE-2024-34390 | WordPress Post Grid Master plugin <= 3.4.8 - Auth. Cross Site Scripting (XSS) vulnerability | AddonMaster | Post Grid Master | Medium | 6.5 | 2024-05-06 18:21:57 | Deep Dive |
| CVE-2024-3936 | The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid <= 7.6.1 - Missing Authorization | techlabpro1 | The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid | Medium | 4.3 | 2024-05-02 16:52:52 | Deep Dive |
| CVE-2024-0908 | Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page <= 1.13.4 - Missing Authorization to Information Disclosure | bplugins | Advanced Post Block – Showcase Posts with Grid, List, Card Layouts and Filters | Medium | 5.3 | 2024-05-02 16:52:24 | Deep Dive |
| CVE-2024-3021 | Mhr Post Ticker <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting | mdhadid | Mhr Post Ticker | Medium | 4.4 | 2024-05-02 16:51:56 | Deep Dive |
| CVE-2024-33636 | WordPress WP Page Post Widget Clone plugin <= 1.0.1 - Broken Access Control vulnerability | Mahesh Vora | WP Page Post Widget Clone | Medium | 5.4 | 2024-04-29 08:21:29 | Deep Dive |
| CVE-2024-33629 | WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 4.0.0 - Server Side Request Forgery (SSRF) vulnerability | Creative Motion | Auto Featured Image (Auto Post Thumbnail) | Medium | 4.4 | 2024-04-29 07:43:40 | Deep Dive |
| CVE-2024-33681 | WordPress Regenerate post permalink plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) leading to XSS vulnerability | Sandor Kovacs | Regenerate post permalink | High | 7.1 | 2024-04-29 06:01:18 | Deep Dive |
| CVE-2022-40975 | WordPress Post Slider plugin <= 1.6.7 - Broken Access Control vulnerability | Aazztech | Post Slider | Medium | 5.4 | 2024-04-26 13:36:03 | Deep Dive |