| CVE-2024-2081 | FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting | fooplugins | Gallery by FooGallery | Medium | 6.4 | 2024-04-09 18:59:29 | Deep Dive |
| CVE-2024-1463 | LearnPress <= 4.2.6.3 - Authenticated(LP Instructor+) Stored Cross-Site Scripting | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 4.4 | 2024-04-09 18:59:12 | Deep Dive |
| CVE-2024-3136 | MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Critical | 9.8 | 2024-04-09 18:59:08 | Deep Dive |
| CVE-2024-3097 | WordPress Gallery Plugin – NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure | smub | Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery | Medium | 5.3 | 2024-04-09 18:58:59 | Deep Dive |
| CVE-2024-2783 | GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | rubengc | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress | Medium | 6.4 | 2024-04-09 18:58:56 | Deep Dive |
| CVE-2024-2423 | UsersWP <= 1.2.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode | stiofansisland | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | Medium | 6.4 | 2024-04-09 18:58:42 | Deep Dive |
| CVE-2024-1904 | MasterStudy LMS <= 3.2.13 - Missing Authorization to Sensitive Information Exposure in search_posts | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Medium | 4.3 | 2024-04-09 18:58:37 | Deep Dive |
| CVE-2024-1289 | LearnPress <= 4.2.6.3 - Insecure Direct Object Reference | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 6.5 | 2024-04-09 18:58:32 | Deep Dive |
| CVE-2024-2471 | FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attachment Fields | fooplugins | Gallery by FooGallery | Medium | 6.4 | 2024-04-06 05:37:15 | Deep Dive |
| CVE-2024-2115 | LearnPress – WordPress LMS Plugin <= 4.0.0 - Cross-Site Request Forgery to Privilege Escalation | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | High | 8.8 | 2024-04-05 07:34:36 | Deep Dive |
| CVE-2024-30478 | WordPress Announcement & Notification Banner – Bulletin plugin <= 3.8.5 - SQL Injection vulnerability | Bulletin | WordPress Announcement & Notification Banner Plugin – Bulletin | High | 7.6 | 2024-03-29 13:38:08 | Deep Dive |
| CVE-2024-2409 | MasterStudy LMS <= 3.3.1 - Unauthenticated Privilege Escalation via stm_lms_register AJAX Action | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Critical | 9.8 | 2024-03-29 08:31:30 | Deep Dive |
| CVE-2024-2411 | MasterStudy LMS <= 3.3.0 - Unauthenticated Local File Inclusion via modal | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Critical | 9.8 | 2024-03-29 08:31:30 | Deep Dive |
| CVE-2024-29771 | WordPress Dracula Dark Mode plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability | SoftLab | Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress | Medium | 6.5 | 2024-03-27 12:58:26 | Deep Dive |
| CVE-2022-38057 | WordPress TH Advance Product Search plugin <= 1.2.1 - Unauthenticated Plugin Settings Reset vulnerability | ThemeHunk | Advance WordPress Search Plugin | Medium | 6.5 | 2024-03-25 11:36:58 | Deep Dive |
| CVE-2024-1799 | GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 6.8.6 - Authenticated (Contributor+) SQL Injection via Shortcode | rubengc | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress | High | 8.8 | 2024-03-20 02:35:42 | Deep Dive |
| CVE-2024-0779 | Enjoy Social Feed <= 6.2.2 - Unauthenticated Arbitrary Instagram Account Unlinking | Unknown | Enjoy Social Feed plugin for WordPress website | Medium | - | 2024-03-18 19:05:42 | Deep Dive |
| CVE-2024-0780 | Enjoy Social Feed <= 6.2.2 - Subscriber+ Plugin Database Reset | Unknown | Enjoy Social Feed plugin for WordPress website | Medium | - | 2024-03-18 19:05:41 | Deep Dive |
| CVE-2024-0377 | LifterLMS – WordPress LMS Plugin for eLearning <= 7.5.1 - Missing Authorization via process_review | chrisbadgett | LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes | Medium | 5.3 | 2024-03-13 15:27:16 | Deep Dive |
| CVE-2024-1363 | Easy Accordion – Best Accordion FAQ Plugin for WordPress <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | shapedplugin | Easy Accordion – Responsive Accordion FAQ Builder and Product FAQ | Medium | 6.4 | 2024-03-13 15:27:03 | Deep Dive |