| CVE-2023-2448 | UserPro <= 5.1.4 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template | - | UserPro - Community and User Profile WordPress Plugin | Medium | 6.5 | 2023-11-22 15:33:29 | Deep Dive |
| CVE-2023-2440 | UserPro <= 5.1.1 - Cross-Site Request Forgery to Privilege Escalation | - | UserPro - Community and User Profile WordPress Plugin | High | 8.8 | 2023-11-22 15:33:28 | Deep Dive |
| CVE-2023-6160 | LifterLMS <= 7.4.2 - Authenticated(Administrator+) Directory Traversal to Arbitrary CSV File Deletion | chrisbadgett | LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes | Low | 3.3 | 2023-11-22 15:33:26 | Deep Dive |
| CVE-2023-6007 | UserPro <= 5.1.1 - Missing Authorization via multiple functions | - | UserPro - Community and User Profile WordPress Plugin | High | 7.3 | 2023-11-22 15:33:26 | Deep Dive |
| CVE-2023-5742 | EasyRotator for WordPress <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | dwusercom | EasyRotator for WordPress – Slider Plugin | Medium | 6.4 | 2023-11-22 15:33:23 | Deep Dive |
| CVE-2023-5815 | News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Remote Code Execution via Local File Inclusion | infornweb | Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News | High | 8.1 | 2023-11-22 15:33:22 | Deep Dive |
| CVE-2023-2447 | UserPro <= 5.1.1 - Cross-Site Request Forgery to Sensitive Information Exposure | - | UserPro - Community and User Profile WordPress Plugin | Medium | 6.1 | 2023-11-22 07:32:12 | Deep Dive |
| CVE-2023-2446 | UserPro <= 5.1.1 - Sensitive Information Disclosure via Shortcode | - | UserPro - Community and User Profile WordPress Plugin | Medium | 6.5 | 2023-11-22 07:32:12 | Deep Dive |
| CVE-2023-47552 | WordPress Image Hover Effects Plugin <= 5.5 is vulnerable to Cross Site Request Forgery (CSRF) | Labib Ahmed | Image Hover Effects – WordPress Plugin | Medium | 5.4 | 2023-11-18 21:45:38 | Deep Dive |
| CVE-2023-34013 | WordPress Poll Maker Plugin <= 4.6.2 is vulnerable to Server Side Request Forgery (SSRF) | Poll Maker Team | Poll Maker – Best WordPress Poll Plugin | Medium | 4.4 | 2023-11-13 02:28:32 | Deep Dive |
| CVE-2023-26524 | WordPress Quiz And Survey Master Plugin <= 8.0.10 is vulnerable to Cross Site Request Forgery (CSRF) | ExpressTech | Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress | Medium | 4.3 | 2023-11-12 23:55:19 | Deep Dive |
| CVE-2023-28172 | WordPress WP Google Map Plugin Plugin <= 4.4.2 is vulnerable to Cross Site Request Forgery (CSRF) | flippercode | WordPress Plugin for Google Maps – WP MAPS (formerly WP Google Map Plugin) | Medium | 5.4 | 2023-11-12 22:24:13 | Deep Dive |
| CVE-2023-5982 | UpdraftPlus <= 1.23.10 - Cross-Site Request Forgery to Google Drive Storage Update | davidanderson | UpdraftPlus: WP Backup & Migration Plugin | Medium | 5.4 | 2023-11-07 20:31:57 | Deep Dive |
| CVE-2023-5577 | Bitly's WordPress Plugin <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | bitlydeveloper | Bitly's WordPress Plugin | Medium | 6.4 | 2023-11-07 11:31:06 | Deep Dive |
| CVE-2023-45069 | WordPress Video Gallery – YouTube Gallery Plugin <= 2.1.3 is vulnerable to SQL Injection | Video Gallery by Total-Soft | Video Gallery – Best WordPress YouTube Gallery Plugin | Critical | - | 2023-11-06 08:42:03 | Deep Dive |
| CVE-2023-45074 | WordPress Advanced Page Visit Counter Plugin <= 7.1.1 is vulnerable to SQL Injection | Page Visit Counter | Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress | Critical | - | 2023-11-06 08:35:03 | Deep Dive |
| CVE-2022-47430 | WordPress The School Management plugin <= 4.1 - SQL Injection | Weblizar - WordPress Themes & Plugin | The School Management – Education & Learning Management | Medium | 6.7 | 2023-11-06 07:43:51 | Deep Dive |
| CVE-2023-24410 | WordPress FluentForm Plugin <= 4.3.25 is vulnerable to SQL Injection | Contact Form - WPManageNinja LLC | Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms | Critical | - | 2023-10-31 14:25:56 | Deep Dive |
| CVE-2023-4836 | WordPress File Sharing Plugin < 2.0.5 - Subscriber+ Sensitive Data and Files Exposure via IDOR | Unknown | WordPress File Sharing Plugin | Medium | - | 2023-10-31 13:54:46 | Deep Dive |
| CVE-2023-5802 | WordPress WP Knowledgebase Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF) | Mihai Iova | WordPress Knowledge base & Documentation Plugin – WP Knowledgebase | Medium | 4.3 | 2023-10-26 11:47:50 | Deep Dive |