| CVE-2024-3678 | Blog2Social: Social Media Auto Post & Scheduler <= 7.4.2 - Information Exposure | pr-gateway | Blog2Social: Social Media Auto Post & Scheduler | Medium | 5.3 | 2024-04-26 07:28:19 | Deep Dive |
| CVE-2024-33642 | WordPress Advanced Post List plugin <= 0.5.6.1 - Cross Site Scripting (XSS) vulnerability | EkoJR | Advanced Post List | Medium | 5.9 | 2024-04-26 07:21:06 | Deep Dive |
| CVE-2024-3929 | Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Post Overlay | pt-guy | Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor) | Medium | 6.4 | 2024-04-25 07:33:58 | Deep Dive |
| CVE-2023-25785 | WordPress WP Post Rating plugin <= 2.5 - Vote Manipulation Vulnerability | Shoaib Saleem | WP Post Rating | Medium | 5.3 | 2024-04-24 14:43:07 | Deep Dive |
| CVE-2024-32823 | WordPress Rate My Post plugin <= 3.4.4 - Insecure Direct Object References (IDOR) vulnerability | FeedbackWP | Rate my Post – WP Rating System | Medium | 5.3 | 2024-04-24 10:16:43 | Deep Dive |
| CVE-2024-32801 | WordPress Widget Post Slider plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability | ShapedPlugin | Widget Post Slider | Medium | 5.9 | 2024-04-24 08:44:16 | Deep Dive |
| CVE-2024-32816 | WordPress Combo Blocks plugin <= 2.2.78 - Sensitive Data Exposure via API vulnerability | PickPlugins | Post Grid | High | 7.5 | 2024-04-24 07:41:32 | Deep Dive |
| CVE-2024-32559 | WordPress WP 404 Auto Redirect to Similar Post plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability | hwk-fr | WP 404 Auto Redirect to Similar Post | High | 7.1 | 2024-04-18 10:07:22 | Deep Dive |
| CVE-2023-6805 | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.4.7 - Authenticated(Contributor+) Blind Server-Side Request Forgery (SSRF) | themeisle | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | Medium | 6.4 | 2024-04-17 12:54:02 | Deep Dive |
| CVE-2024-31379 | WordPress Smash Balloon Social Post Feed plugin <= 4.2.1 - Cross Site Request Forgery (CSRF) vulnerability | Smash Balloon | Smash Balloon Social Post Feed | Medium | 4.3 | 2024-04-15 10:21:09 | Deep Dive |
| CVE-2024-32082 | WordPress Sync Post With Other Site plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) to XSS vulnerability | Kamlesh Parmar | Sync Post With Other Site | High | 7.1 | 2024-04-15 07:42:35 | Deep Dive |
| CVE-2024-31264 | WordPress Post Views Counter plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) vulnerability | dFactory | Post Views Counter | Medium | 4.3 | 2024-04-12 12:46:36 | Deep Dive |
| CVE-2024-0881 | Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access | Unknown | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel | - | - | 2024-04-11 15:36:31 | Deep Dive |
| CVE-2024-32108 | WordPress Convert Post Types plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability | Stephanie Leary | Convert Post Types | Medium | 4.3 | 2024-04-11 12:56:26 | Deep Dive |
| CVE-2024-31935 | WordPress Simple Post Notes plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) vulnerability | BracketSpace | Simple Post Notes | Medium | 4.3 | 2024-04-11 12:18:03 | Deep Dive |
| CVE-2024-3020 | Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Admin+) PHP Object Injection | shapedplugin | Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel | High | 7.2 | 2024-04-10 04:30:22 | Deep Dive |
| CVE-2024-1850 | AI Post Generator | AutoWriter <= 3.3 - Missing Authorization | kekotron | AI Post Generator | AutoWriter | Medium | 6.3 | 2024-04-09 18:58:46 | Deep Dive |
| CVE-2023-6993 | Custom post types, Custom Fields & more <= 5.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | totalpressorg | Custom post types, Custom Fields & more | Medium | 6.4 | 2024-04-09 18:58:40 | Deep Dive |
| CVE-2024-31366 | WordPress Post Type Builder (PTB) plugin <= 2.0.8 - Auth. Arbitrary Post/Page Creation vulnerability | Themify | Post Type Builder (PTB) | High | 7.1 | 2024-04-09 07:23:00 | Deep Dive |
| CVE-2024-31365 | WordPress Post Type Builder (PTB) plugin < 2.1.1 - Reflected Cross Site Scripting (XSS) vulnerability | Themify | Post Type Builder (PTB) | High | 7.1 | 2024-04-09 07:14:26 | Deep Dive |