| CVE-2024-13913 | InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.83 - Cross-Site Request Forgery to Local File Inclusion | instawp | InstaWP Connect – 1-click WP Staging & Migration | High | 8.8 | 2025-03-14 05:24:04 | Deep Dive |
| CVE-2025-1401 | WP Click Info <= 2.7.4 - Reflected XSS | Unknown | WP Click Info | Medium | - | 2025-03-13 06:00:07 | Deep Dive |
| CVE-2024-13615 | Social Media Plugin by Social Snap <= 1.3.6 - Admin+ Stored XSS | Unknown | Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap | Low | - | 2025-03-11 06:00:10 | Deep Dive |
| CVE-2025-1717 | Login Me Now <= 1.7.2 - Authentication Bypass | pluginly | Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress | High | 8.1 | 2025-02-27 07:23:13 | Deep Dive |
| CVE-2024-13609 | 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Unauthenticated Sensitive Information Exposure via Database Backup in class-ocm-backup.php | 1clickmigration | 1 Click Migration & Backup: Free WordPress Migration Plugin with Zero Downtime & Easy Clone | Medium | 5.9 | 2025-02-18 04:21:21 | Deep Dive |
| CVE-2024-13555 | 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Cross-Site Request Forgery to Backup Process Cancellation | 1clickmigration | 1 Click Migration & Backup: Free WordPress Migration Plugin with Zero Downtime & Easy Clone | Medium | 5.3 | 2025-02-18 04:21:19 | Deep Dive |
| CVE-2025-0822 | Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Subscriber+) Arbitrary File Read via fileID Parameter | bitpressadmin | Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist | Medium | 6.5 | 2025-02-15 12:43:03 | Deep Dive |
| CVE-2025-0821 | Bit Assist <= 1.5.2 - Authenticated (Subscriber+) SQL Injection via id Parameter | bitpressadmin | Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist | Medium | 6.5 | 2025-02-14 11:10:58 | Deep Dive |
| CVE-2024-13791 | Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Administrator+) Arbitrary File Read via downloadResponseFile Function | bitpressadmin | Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist | Medium | 4.9 | 2025-02-14 11:10:58 | Deep Dive |
| CVE-2024-13656 | Click Mag - Viral WordPress News Magazine/Blog Theme <= 3.6.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Deletion | MVPThemes | Click Mag - Viral WordPress News Magazine/Blog Theme | High | 8.1 | 2025-02-12 04:22:17 | Deep Dive |
| CVE-2025-0804 | ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | clickwhale | ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages | Medium | 6.4 | 2025-01-29 03:21:24 | Deep Dive |
| CVE-2024-11327 | ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages <= 2.4.1 - Reflected Cross-Site Scripting | clickwhale | ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages | Medium | 6.1 | 2025-01-11 02:20:55 | Deep Dive |
| CVE-2024-11686 | WhatsApp click to chat <= 3.0.4 - Reflected Cross-Site Scripting | manycontacts | WhatsApp 🚀 click to chat | Medium | 6.1 | 2025-01-09 11:11:01 | Deep Dive |
| CVE-2024-11938 | One Click Upsell Funnel for WooCommerce <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via wps_wocuf_pro_yes Shortcode | wpswings | One Click Upsell Funnel for Woocommerce | Medium | 6.4 | 2024-12-21 07:03:00 | Deep Dive |
| CVE-2023-41857 | WordPress Click To Tweet plugin <= 2.0.14 - Broken Access Control vulnerability | clicktotweet | Click To Tweet | Medium | 5.4 | 2024-12-13 14:24:21 | Deep Dive |
| CVE-2024-51803 | WordPress Inline Click To Tweet plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability | Magnetic Creative | Inline Click To Tweet | Medium | 6.5 | 2024-11-19 16:31:57 | Deep Dive |
| CVE-2024-51844 | WordPress Location Click Map plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability | Kiran Patil | Location Click Map | Medium | 6.5 | 2024-11-19 16:31:38 | Deep Dive |
| CVE-2024-11038 | WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7 Popup <= 1.7.5 - Unauthenticated Arbitrary Shortcode Execution via wpb_pcf_fire_contact_form | wpbean | WPB Popup for Contact Form 7 – Showing Contact Form 7 Popup on Button Click | High | 7.3 | 2024-11-19 11:02:29 | Deep Dive |
| CVE-2024-10853 | Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Order Deletion | northmule | Buy one click WooCommerce | Medium | 4.3 | 2024-11-13 02:02:35 | Deep Dive |
| CVE-2024-10854 | Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Import | northmule | Buy one click WooCommerce | Medium | 4.3 | 2024-11-13 02:02:35 | Deep Dive |