| CVE-2024-1158 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | Medium | 4.3 | 2024-03-13 15:26:35 | Deep Dive |
| CVE-2024-1214 | Easy Social Feed <= 6.5.4 - Cross-Site Request Forgery | sjaved | Easy Social Feed – Social Photos Gallery and Post Feed for WordPress | Medium | 4.3 | 2024-03-12 23:33:51 | Deep Dive |
| CVE-2024-1278 | Easy Social Feed – Social Photos Gallery – Post Feed – Like Box <= 6.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | sjaved | Easy Social Feed – Social Photos Gallery and Post Feed for WordPress | Medium | 6.4 | 2024-03-12 23:33:51 | Deep Dive |
| CVE-2024-1213 | Easy Social Feed <= 6.5.4 - Cross-Site Request Forgery | sjaved | Easy Social Feed – Social Photos Gallery and Post Feed for WordPress | Medium | 5.4 | 2024-03-12 23:33:50 | Deep Dive |
| CVE-2023-7072 | Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.68 - Information Exposure via get_posts API Endpoint | pickplugins | Post Grid | High | 7.5 | 2024-03-12 22:32:27 | Deep Dive |
| CVE-2024-1169 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Upload | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | High | 7.5 | 2024-03-07 11:01:58 | Deep Dive |
| CVE-2024-1170 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Deletion | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | High | 8.2 | 2024-03-07 11:01:58 | Deep Dive |
| CVE-2024-25927 | WordPress postMash – custom post order Plugin <= 1.2.0 is vulnerable to SQL Injection | Joel Starnes | postMash – custom post order | Critical | 9.3 | 2024-02-28 12:47:35 | Deep Dive |
| CVE-2024-24849 | WordPress Quicksand Post Filter jQuery Plugin Plugin <= 3.1.1 is vulnerable to Cross Site Request Forgery (CSRF) | Mark Stockton | Quicksand Post Filter jQuery Plugin | Medium | 4.3 | 2024-02-21 07:04:20 | Deep Dive |
| CVE-2024-1317 | RSS Aggregator by Feedzy <= 4.4.2 - Authenticated(Contributor+) SQL Injection | themeisle | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | High | 8.8 | 2024-02-20 18:56:47 | Deep Dive |
| CVE-2024-1318 | RSS Aggregator by Feedzy <= 4.4.2 - Missing Authorization to Arbitrary Page Creation and Publication | themeisle | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | Medium | 6.5 | 2024-02-20 18:56:21 | Deep Dive |
| CVE-2023-51493 | WordPress Custom Post Carousels with Owl Plugin <= 1.4.6 is vulnerable to Cross Site Scripting (XSS) | Howard Ehrenberg | Custom Post Carousels with Owl | Medium | 6.5 | 2024-02-10 08:20:28 | Deep Dive |
| CVE-2024-0628 | WordPress Plugin WP RSS Aggregator Code Issue Vulnerability | jeangalea | WP RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging | Low | 3.8 | 2024-02-07 06:46:56 | Deep Dive |
| CVE-2023-6996 | Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Authenticated (Contributor+) Code Injection | josevega | Display custom fields in the frontend – Post and User Profile Fields | High | 8.8 | 2024-02-05 21:22:03 | Deep Dive |
| CVE-2024-0612 | Content Views <= 3.6.2 - Authenticated(Administrator+) Stored Cross-Site Scripting via settings | pt-guy | Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor) | Medium | 4.4 | 2024-02-05 21:21:57 | Deep Dive |
| CVE-2024-0630 | WP RSS Aggregator <= 4.23.4 - Authenticated (Admin+) Stored Cross-Site Scripting via RSS Feed Source | rebelcode | RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging | Medium | 4.4 | 2024-02-05 21:21:54 | Deep Dive |
| CVE-2024-1092 | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.4.1 - Missing Authorization | themeisle | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | Medium | 4.3 | 2024-02-05 21:21:54 | Deep Dive |
| CVE-2024-0509 | WP 404 Auto Redirect to Similar Post <= 1.0.3 - Reflected Cross-Site Scripting via request | hwk-fr | WP 404 Auto Redirect to Similar Post | Medium | 6.1 | 2024-02-05 21:21:48 | Deep Dive |
| CVE-2023-6982 | Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via vg_display_data | josevega | Display custom fields in the frontend – Post and User Profile Fields | Medium | 6.4 | 2024-02-05 21:21:39 | Deep Dive |
| CVE-2023-6983 | Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Meta Disclosure | josevega | Display custom fields in the frontend – Post and User Profile Fields | Medium | 4.3 | 2024-02-05 21:21:32 | Deep Dive |