| CVE-2023-30750 | WordPress CM Pop-Up banners Plugin <= 1.5.10 is vulnerable to SQL Injection | CreativeMindsSolutions | CM Popup Plugin for WordPress | High | 8.5 | 2023-12-20 17:06:20 | Deep Dive |
| CVE-2023-45105 | WordPress affiliate-toolkit – WordPress Affiliate Plugin Plugin <= 3.3.9 is vulnerable to Open Redirection | SERVIT Software Solutions | affiliate-toolkit – WordPress Affiliate Plugin | Medium | 4.7 | 2023-12-19 19:48:26 | Deep Dive |
| CVE-2023-25715 | WordPress GamiPress Plugin <= 2.5.6 is vulnerable to Broken Access Control | GamiPress | GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress | Medium | 5.4 | 2023-12-19 15:40:16 | Deep Dive |
| CVE-2023-49821 | WordPress LiveChat Plugin <= 4.5.15 is vulnerable to Cross Site Request Forgery (CSRF) | LiveChat | LiveChat – WP live chat plugin for WordPress | Medium | 5.4 | 2023-12-18 22:31:10 | Deep Dive |
| CVE-2023-49841 | WordPress Optin Forms Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS) | FancyThemes | Optin Forms – Simple List Building Plugin for WordPress | Medium | 5.9 | 2023-12-14 15:56:48 | Deep Dive |
| CVE-2023-50371 | WordPress Advanced Page Visit Counter Plugin <= 8.0.6 is vulnerable to Cross Site Scripting (XSS) | Page Visit Counter | Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress | Medium | 6.5 | 2023-12-14 12:57:08 | Deep Dive |
| CVE-2023-5979 | eCommerce Product Catalog Plugin for WordPress < 3.3.26 - Products Deletion via CSRF | Unknown | eCommerce Product Catalog Plugin for WordPress | - | - | 2023-12-04 21:27:38 | Deep Dive |
| CVE-2023-48328 | WordPress NextGEN Gallery Plugin <= 3.37 is vulnerable to Cross Site Request Forgery (CSRF) | Imagely | WordPress Gallery Plugin – NextGEN Gallery | Medium | 4.3 | 2023-11-30 16:05:37 | Deep Dive |
| CVE-2023-5803 | WordPress Business Directory Plugin Plugin <= 6.3.10 is vulnerable to Cross Site Request Forgery (CSRF) | Business Directory Team | Business Directory Plugin – Easy Listing Directories for WordPress | Medium | 4.3 | 2023-11-30 15:57:06 | Deep Dive |
| CVE-2023-46086 | WordPress affiliate-toolkit – WordPress Affiliate Plugin Plugin <= 3.4.3 is vulnerable to Cross Site Scripting (XSS) | SERVIT Software Solutions | affiliate-toolkit – WordPress Affiliate Plugin | High | 7.1 | 2023-11-30 15:50:13 | Deep Dive |
| CVE-2023-37867 | WordPress Yet Another Stars Rating Plugin <= 3.3.8 is vulnerable to Race Condition | YetAnotherStarsRating.com | YASR – Yet Another Star Rating Plugin for WordPress | Low | 3.7 | 2023-11-30 14:11:24 | Deep Dive |
| CVE-2023-48323 | WordPress Awesome Support Plugin <= 6.1.4 is vulnerable to Cross Site Request Forgery (CSRF) | Awesome Support Team | Awesome Support – WordPress HelpDesk & Support Plugin | Medium | 4.3 | 2023-11-30 12:59:15 | Deep Dive |
| CVE-2023-5209 | Bookly < 22.5 - Admin+ Stored XSS | Unknown | WordPress Online Booking and Scheduling Plugin | Medium | - | 2023-11-27 16:21:59 | Deep Dive |
| CVE-2023-47839 | WordPress eCommerce Product Catalog Plugin <= 3.3.26 is vulnerable to Cross Site Scripting (XSS) | impleCode | eCommerce Product Catalog Plugin for WordPress | Medium | 6.5 | 2023-11-22 23:22:56 | Deep Dive |
| CVE-2023-2497 | UserPro <= 5.1.0 - Cross-Site Request Forgery to PHP Object Injection | - | UserPro - Community and User Profile WordPress Plugin | High | 8.8 | 2023-11-22 15:33:39 | Deep Dive |
| CVE-2023-6008 | UserPro <= 5.1.1 - Cross-Site Request Forgery via multiple functions | - | UserPro - Community and User Profile WordPress Plugin | Medium | 6.3 | 2023-11-22 15:33:38 | Deep Dive |
| CVE-2023-6009 | UserPro <= 5.1.4 - Authenticated (Subscriber+) Privilege Escalation | - | UserPro - Community and User Profile WordPress Plugin | High | 8.8 | 2023-11-22 15:33:38 | Deep Dive |
| CVE-2023-2449 | UserPro <= 5.1.1 - Insecure Password Reset Mechanism | - | UserPro - Community and User Profile WordPress Plugin | Critical | 9.8 | 2023-11-22 15:33:37 | Deep Dive |
| CVE-2023-2437 | UserPro <= 5.1.1 - Authentication Bypass to Administrator | - | UserPro - Community and User Profile WordPress Plugin | Critical | 9.8 | 2023-11-22 15:33:33 | Deep Dive |
| CVE-2023-2438 | UserPro <= 5.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via userpro_save_userdata | - | UserPro - Community and User Profile WordPress Plugin | Medium | 6.1 | 2023-11-22 15:33:30 | Deep Dive |