| CVE-2023-6594 | WordPress Button Plugin MaxButtons <= 9.7.4 - Authenticated (Administrator+) Stored Cross-Site Scripting | maxfoundry | MaxButtons – Create buttons | Medium | 4.4 | 2024-01-09 02:34:51 | Deep Dive |
| CVE-2023-5911 | WP Custom Cursors <= 3.2 - Admin+ Stored XSS | Unknown | WP Custom Cursors \| WordPress Cursor Plugin | - | - | 2024-01-08 19:00:37 | Deep Dive |
| CVE-2023-52124 | WordPress WP Tabs Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS) | ShapedPlugin LLC | WP Tabs – Responsive Tabs Plugin for WordPress | Medium | 6.5 | 2024-01-05 11:17:09 | Deep Dive |
| CVE-2023-51538 | WordPress Awesome Support Plugin <= 6.1.5 is vulnerable to Cross Site Request Forgery (CSRF) | Awesome Support Team | Awesome Support – WordPress HelpDesk & Support Plugin | Medium | 4.3 | 2024-01-05 09:47:19 | Deep Dive |
| CVE-2023-6747 | FooGallery Premium <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | https://fooplugins.com | FooGallery Premium | Medium | 6.4 | 2024-01-03 08:29:49 | Deep Dive |
| CVE-2023-7027 | POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Unauthenticated Stored Cross-Site Scripting via device | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | High | 7.2 | 2024-01-03 04:29:34 | Deep Dive |
| CVE-2023-6629 | POST SMTP Mailer <= 2.8.6 - Reflected Cross-Site Scripting via msg | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Medium | 6.1 | 2024-01-03 04:29:34 | Deep Dive |
| CVE-2023-6113 | WP Staging (Free < 3.1.3, Pro < 5.1.3) - Unauthenticated Backup Download | Unknown | WP STAGING WordPress Backup Plugin | Medium | - | 2024-01-01 14:18:59 | Deep Dive |
| CVE-2023-51547 | WordPress Fluent Support Plugin <= 1.7.6 is vulnerable to SQL Injection | WPManageNinja LLC | Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin | High | 7.6 | 2023-12-31 17:39:52 | Deep Dive |
| CVE-2023-52185 | WordPress Everest Backup Plugin <= 2.1.9 is vulnerable to Sensitive Data Exposure | Everestthemes | Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin | Medium | 5.3 | 2023-12-31 16:50:39 | Deep Dive |
| CVE-2023-51688 | WordPress eCommerce Product Catalog Plugin <= 3.3.26 is vulnerable to Sensitive Data Exposure | impleCode | eCommerce Product Catalog Plugin for WordPress | Medium | 5.3 | 2023-12-29 14:53:55 | Deep Dive |
| CVE-2023-50891 | WordPress Zoho Forms Plugin <= 3.0.1 is vulnerable to Cross Site Scripting (XSS) | Zoho Forms | Form plugin for WordPress – Zoho Forms | Medium | 6.5 | 2023-12-29 11:19:02 | Deep Dive |
| CVE-2023-50845 | WordPress GeoDirectory Plugin <= 2.3.28 is vulnerable to SQL Injection | AyeCode - WordPress Business Directory Plugins | GeoDirectory – WordPress Business Directory Plugin, or Classified Directory | High | 7.6 | 2023-12-28 18:23:08 | Deep Dive |
| CVE-2023-47191 | WordPress Youzify Plugin <= 1.2.2 is vulnerable to Insecure Direct Object References (IDOR) | KaineLabs | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 6.5 | 2023-12-21 18:26:53 | Deep Dive |
| CVE-2023-28421 | WordPress WordPress Email Marketing Plugin – WP Email Capture Plugin <= 3.10 is vulnerable to Sensitive Data Exposure | Winwar Media | WordPress Email Marketing Plugin – WP Email Capture | Medium | 5.3 | 2023-12-21 14:11:32 | Deep Dive |
| CVE-2023-48288 | WordPress WordPress Job Board and Recruitment Plugin – JobWP Plugin <= 2.1 is vulnerable to Sensitive Data Exposure | HM Plugin | WordPress Job Board and Recruitment Plugin – JobWP | High | 7.5 | 2023-12-21 14:05:57 | Deep Dive |
| CVE-2023-29384 | WordPress WordPress Job Board and Recruitment Plugin – JobWP Plugin <= 2.0 is vulnerable to Arbitrary File Upload | HM Plugin | WordPress Job Board and Recruitment Plugin – JobWP | Critical | 10.0 | 2023-12-20 19:04:35 | Deep Dive |
| CVE-2022-47599 | WordPress File Manager Plugin <= 5.2.7 is vulnerable to PHP Object Injection | File Manager by Bit Form Team | File Manager – 100% Free & Open Source File Manager Plugin for WordPress \| Bit File Manager | Medium | 5.5 | 2023-12-20 17:42:54 | Deep Dive |
| CVE-2023-28788 | WordPress Advanced Page Visit Counter Plugin <= 6.4.2 is vulnerable to SQL Injection | Page Visit Counter | Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress | High | 7.1 | 2023-12-20 17:19:52 | Deep Dive |
| CVE-2023-29096 | WordPress Contact Form to DB by BestWebSoft Plugin <= 1.7.0 is vulnerable to SQL Injection | BestWebSoft | Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress | High | 8.5 | 2023-12-20 17:16:06 | Deep Dive |