| CVE-2023-37391 | WordPress WordPress Mobile Pack Plugin <= 3.4.1 is vulnerable to Cross Site Request Forgery (CSRF) | WPMobilePack.com | WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps | Medium | 5.4 | 2023-07-11 09:45:07 | Deep Dive |
| CVE-2022-45823 | WordPress Video Contest WordPress Plugin Plugin <= 3.2 is vulnerable to Cross Site Request Forgery (CSRF) | GalleryPlugins | Video Contest WordPress Plugin | Medium | 4.3 | 2023-07-11 07:50:53 | Deep Dive |
| CVE-2021-4392 | eCommerce Product Catalog Plugin for WordPress <= 2.9.43 - Cross-Site Request Forgery Bypass | implecode | eCommerce Product Catalog Plugin for WordPress | Medium | 4.3 | 2023-07-01 04:26:50 | Deep Dive |
| CVE-2021-4389 | WP Travel <= 4.4.6 - Cross-Site Request Forgery Bypass | wptravel | WP Travel – Ultimate Travel Booking System, Tour Management Engine | Medium | 4.3 | 2023-07-01 04:26:48 | Deep Dive |
| CVE-2021-4393 | eCommerce Product Catalog Plugin for WordPress <= 3.0.17 - Cross-Site Request Forgery Bypass | implecode | eCommerce Product Catalog Plugin for WordPress | Medium | 4.3 | 2023-07-01 04:26:47 | Deep Dive |
| CVE-2023-29434 | WordPress Optin Forms Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS) | FancyThemes | Optin Forms – Simple List Building Plugin for WordPress | Medium | 5.9 | 2023-06-26 10:08:55 | Deep Dive |
| CVE-2023-32960 | WordPress UpdraftPlus Plugin <= 1.23.3 is vulnerable to Cross Site Request Forgery (CSRF) | UpdraftPlus.Com, DavidAnderson | UpdraftPlus WordPress Backup Plugin | High | 7.1 | 2023-06-22 12:51:42 | Deep Dive |
| CVE-2023-35093 | WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Broken Access Control | StylemixThemes | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Medium | 6.5 | 2023-06-22 11:07:21 | Deep Dive |
| CVE-2023-35090 | WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Cross Site Scripting (XSS) | StylemixThemes | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Medium | 6.5 | 2023-06-22 10:33:17 | Deep Dive |
| CVE-2023-2221 | WP Custom Cursors < 3.2 - Admin+ SQLi | Unknown | WP Custom Cursors | WordPress Cursor Plugin | 高危 | - | 2023-06-19 10:52:42 | Deep Dive |
| CVE-2023-0692 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_payment_status' shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 4.3 | 2023-06-09 05:33:37 | Deep Dive |
| CVE-2023-1430 | FluentCRM - Marketing Automation For WordPress <= 2.8.01 - Insufficient Use of Hash as Authorization Control | techjewel | FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution | Medium | 6.5 | 2023-06-09 05:33:37 | Deep Dive |
| CVE-2023-0721 | Metform Elementor Contact Form Builder <= 3.3.0 - Unauthenticated CSV Injection | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | High | 8.3 | 2023-06-09 05:33:34 | Deep Dive |
| CVE-2023-2289 | wordpress vertical image slider plugin <= 1.2.16 - Reflected Cross-Site Scripting | nik00726 | Vertical Image Slider | Medium | 6.1 | 2023-06-09 05:33:34 | Deep Dive |
| CVE-2023-0292 | Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion | expresstech | Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | Medium | 5.4 | 2023-06-09 05:33:33 | Deep Dive |
| CVE-2023-1889 | Directorist <= 7.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion in listing_task | wpwax | Directorist: AI-Powered Business Directory, Listings & Classified Ads | Medium | 6.5 | 2023-06-09 05:33:29 | Deep Dive |
| CVE-2023-0708 | Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_first_name shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 5.4 | 2023-06-09 05:33:28 | Deep Dive |
| CVE-2023-0691 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_last_name shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 4.3 | 2023-06-09 05:33:24 | Deep Dive |
| CVE-2023-0710 | Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_thankyou shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 4.9 | 2023-06-09 05:33:24 | Deep Dive |
| CVE-2023-0688 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_thankyou shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.5 | 2023-06-09 05:33:23 | Deep Dive |