| CVE-2023-6877 | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Error Message | themeisle | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | Medium | 6.4 | 2024-04-07 01:55:15 | Deep Dive |
| CVE-2024-2949 | Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sp_wp_carousel_shortcode' | shapedplugin | Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel | Medium | 6.4 | 2024-04-06 06:47:19 | Deep Dive |
| CVE-2024-31085 | WordPress Post-Plugin Library plugin <= 2.6.2.1 - Reflected Cross Site Scripting (XSS) vulnerability | Rob Marsh, SJ | Post-Plugin Library | High | 7.1 | 2024-03-31 19:34:22 | Deep Dive |
| CVE-2024-31112 | WordPress Convert Post Types plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability | Stephanie Leary | Convert Post Types | High | 7.1 | 2024-03-31 18:56:41 | Deep Dive |
| CVE-2024-30440 | WordPress Themify Event Post plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability | Themify | Themify Event Post | Medium | 5.9 | 2024-03-29 17:17:12 | Deep Dive |
| CVE-2024-30441 | WordPress Combo Blocks plugin <= 2.2.74 - Reflected Cross Site Scripting (XSS) vulnerability | PickPlugins | Post Grid | High | 7.1 | 2024-03-29 17:14:47 | Deep Dive |
| CVE-2024-23515 | WordPress Cincopa video and media plugin <= 1.159 - Cross Site Request Forgery (CSRF) vulnerability | Cincopa | Post Video Players | Medium | 5.4 | 2024-03-27 13:41:15 | Deep Dive |
| CVE-2024-29761 | WordPress WP Post Disclaimer plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability | Krunal Prajapati | WP Post Disclaimer | Medium | 6.5 | 2024-03-27 13:14:39 | Deep Dive |
| CVE-2024-29925 | WordPress Post Grid, Slider & Carousel Ultimate plugin <= 1.6.6 - Cross Site Scripting (XSS) vulnerability | wpWax | Post Grid, Slider & Carousel Ultimate | Medium | 6.5 | 2024-03-27 07:26:10 | Deep Dive |
| CVE-2024-2888 | WordPress Post and Page Builder by BoldGrid plugin <= 1.26.2 - Cross Site Scripting (XSS) vulnerability | BoldGrid | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor | Medium | 6.5 | 2024-03-26 05:41:02 | Deep Dive |
| CVE-2024-24850 | WordPress Quicksand Post Filter jQuery plugin <= 3.1.1 - Broken Access Control vulnerability | Mark Stockton | Quicksand Post Filter jQuery Plugin | Medium | 5.3 | 2024-03-21 17:49:24 | Deep Dive |
| CVE-2024-29128 | WordPress POST SMTP Mailer plugin <= 2.8.6 - Reflected Cross Site Scripting (XSS) vulnerability | Post SMTP | POST SMTP | High | 7.1 | 2024-03-19 14:04:00 | Deep Dive |
| CVE-2024-24845 | WordPress Post Thumbnail Editor plugin <= 2.4.8 - Unauthenticated Sensitive Data Exposure vulnerability | Sewpafly | Post Thumbnail Editor | Medium | 5.3 | 2024-03-16 04:29:23 | Deep Dive |
| CVE-2024-27196 | WordPress postMash – custom post order plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability | Joel Starnes | postMash – custom post order | High | 7.1 | 2024-03-15 12:47:13 | Deep Dive |
| CVE-2024-2286 | Sky Addons for Elementor <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Wrapper Link URL | wowdevs | Sky Addons – Elementor Addons with Widgets & Templates | Medium | 6.4 | 2024-03-13 15:27:18 | Deep Dive |
| CVE-2024-0829 | Comments Extra Fields For Post,Pages and CPT <= 5.0 - Missing Authorization | nmedia | Comments Extra Fields For Post,Pages and CPT | Medium | 4.3 | 2024-03-13 15:27:15 | Deep Dive |
| CVE-2024-0369 | Bulk Edit Post Titles <= 5.0.0 - Missing Authorization via bulkUpdatePostTitles | pawaryogesh1989 | Bulk Edit Post Titles | Medium | 4.3 | 2024-03-13 15:27:14 | Deep Dive |
| CVE-2024-0681 | Page Restriction WordPress (WP) – Protect WP Pages/Post <= 1.3.4 - Protection Mechanism Bypass | cyberlord92 | Page and Post Restriction | Medium | 5.3 | 2024-03-13 15:27:08 | Deep Dive |
| CVE-2024-0830 | Comments Extra Fields For Post,Pages and CPT <= 5.0 - Cross-Site Request Forgery | nmedia | Comments Extra Fields For Post,Pages and CPT | Medium | 4.3 | 2024-03-13 15:27:05 | Deep Dive |
| CVE-2024-2006 | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.7 - Authenticated (Contributor+) PHP Object Injection in outpost_shortcode_metabox_markup | wpwax | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget | High | 8.8 | 2024-03-13 15:27:04 | Deep Dive |