| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-51666 | WordPress Related Post Plugin <= 2.0.53 is vulnerable to Cross Site Scripting (XSS) | PickPlugins | Related Post | Medium | 6.5 | 2024-02-01 10:16:46 | Deep Dive |
| CVE-2024-22289 | WordPress Post views Stats plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability | CyberNetikz | Post views Stats | High | 7.1 | 2024-01-31 17:47:49 | Deep Dive |
| CVE-2023-3178 | POST SMTP Mailer < 2.5.7 - Arbitrary Log Deletion via CSRF | Unknown | POST SMTP Mailer | 中危 | - | 2024-01-16 15:55:30 | Deep Dive |
| CVE-2021-24567 | Simple Post <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS) | Unknown | Simple Post | 高危 | - | 2024-01-16 15:48:44 | Deep Dive |
| CVE-2023-6620 | Post SMTP < 2.8.7 - Admin+ SQL Injection | Unknown | POST SMTP Mailer | 高危 | - | 2024-01-15 15:10:41 | Deep Dive |
| CVE-2024-0530 | CXBSoft Post-Office HTTP POST Request reg_go.php sql injection | CXBSoft | Post-Office | Medium | 5.5 | 2024-01-15 01:31:03 | Deep Dive |
| CVE-2024-0529 | CXBSoft Post-Office HTTP POST Request login_auth.php sql injection | CXBSoft | Post-Office | Medium | 5.5 | 2024-01-15 01:00:05 | Deep Dive |
| CVE-2024-0528 | CXBSoft Post-Office HTTP POST Request update_go.php sql injection | CXBSoft | Post-Office | Medium | 5.5 | 2024-01-15 00:31:05 | Deep Dive |
| CVE-2023-6875 | POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Authorization Bypass via type connect-app API | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Critical | 9.8 | 2024-01-11 08:33:06 | Deep Dive |
| CVE-2023-6645 | Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.64 - Authenticated (Contributor+) Cross-Site Scripting | pickplugins | Post Grid | Medium | 6.4 | 2024-01-11 08:32:50 | Deep Dive |
| CVE-2023-6883 | Easy Social Feed <= 6.5.2 - Missing Authorization to Settings Modification | sjaved | Easy Social Feed – Social Photos Gallery and Post Feed for WordPress | Medium | 4.3 | 2024-01-11 06:49:33 | Deep Dive |
| CVE-2023-6798 | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.3.2 - Missing Authorization | themeisle | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | Medium | 5.4 | 2024-01-06 09:38:37 | Deep Dive |
| CVE-2023-6801 | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.3.2 - Authenticated (Author+) Stored Cross-Site Scripting | themeisle | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | Medium | 6.4 | 2024-01-06 09:38:26 | Deep Dive |
| CVE-2023-6493 | Depicter Slider – Responsive Image Slider, Video Slider & Post Slider <= 2.0.6 - Cross-Site Request Forgery via save | averta | Depicter — Popup & Slider Builder | Medium | 4.3 | 2024-01-05 02:02:21 | Deep Dive |
| CVE-2023-6621 | Post SMTP < 2.8.7 - Reflected Cross-Site Scripting | Unknown | POST SMTP | - | - | 2024-01-03 08:32:43 | Deep Dive |
| CVE-2023-6629 | POST SMTP Mailer <= 2.8.6 - Reflected Cross-Site Scripting via msg | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Medium | 6.1 | 2024-01-03 04:29:34 | Deep Dive |
| CVE-2023-7027 | POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Unauthenticated Stored Cross-Site Scripting via device | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | High | 7.2 | 2024-01-03 04:29:34 | Deep Dive |
| CVE-2023-49765 | WordPress Rate my Post – WP Rating System Plugin <= 3.4.1 is vulnerable to Insecure Direct Object References (IDOR) | Blaz K. | Rate my Post – WP Rating System | Medium | 4.3 | 2023-12-21 18:30:00 | Deep Dive |
| CVE-2023-22674 | WordPress Dashicons + Custom Post Types Plugin <= 1.0.2 is vulnerable to Broken Access Control | Hal Gatewood | Dashicons + Custom Post Types | Medium | 5.4 | 2023-12-21 14:18:07 | Deep Dive |
| CVE-2023-34168 | WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to SQL Injection | Alex Raven | WP Report Post | High | 7.6 | 2023-12-18 22:36:13 | Deep Dive |