| CVE-2025-0897 | Modal Window <= 6.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframeBox Shortcode | wpcalc | Modal Window – create popup modal window | Medium | 6.4 | 2025-02-20 08:22:07 | Deep Dive |
| CVE-2025-0864 | Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.6 - Reflected Cross-Site Scripting | realmag777 | Active Products Tables for WooCommerce. Use constructor to create tables | Medium | 6.1 | 2025-02-18 07:28:15 | Deep Dive |
| CVE-2025-24638 | WordPress Create with Code plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability | pddring | Create with Code | Medium | 6.5 | 2025-01-24 17:24:40 | Deep Dive |
| CVE-2024-11423 | Ultimate Gift Cards for WooCommerce <= 3.0.6 - Missing Authorization to Infinite Money Glitch | WP Swings | Gift Cards for WooCommerce Pro | High | 7.5 | 2025-01-08 11:09:25 | Deep Dive |
| CVE-2024-11826 | Quill Forms \| The Best Typeform Alternative \| Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | mdmag | Quill Forms \| Conversational Multi Step Forms, Surveys & quizzes | Medium | 6.4 | 2025-01-07 11:11:12 | Deep Dive |
| CVE-2024-12402 | Themes Coder – Create Android & iOS Apps For Your Woocommerce Site <= 1.3.4 - Insecure Direct Object Reference to Password Change/Account Takeover/Privilege Escalation | themescoder | TC Ecommerce – Create Android & iOS Apps for WooCommerce | Critical | 9.8 | 2025-01-07 03:21:54 | Deep Dive |
| CVE-2024-12272 | WP Travel Engine – Elementor Widgets \| Create Travel Booking Website Using WordPress and Elementor <= 1.3.7 - Authenticated (Contributor+) Local File Inclusion | wptravelengine | WP Travel Engine – Elementor Widgets \| Create Travel Booking Website Using WordPress and Elementor | High | 8.8 | 2024-12-25 03:21:32 | Deep Dive |
| CVE-2024-11938 | One Click Upsell Funnel for WooCommerce <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via wps_wocuf_pro_yes Shortcode | wpswings | One Click Upsell Funnel for Woocommerce | Medium | 6.4 | 2024-12-21 07:03:00 | Deep Dive |
| CVE-2024-12042 | MStore API – Create Native Android & iOS Apps On The Cloud <= 4.16.4 - Authenticated (Subscriber+) HTML File Upload (Stored Cross-Site Scripting) | inspireui | MStore API – Create Native Android & iOS Apps On The Cloud | Medium | 5.4 | 2024-12-13 08:24:51 | Deep Dive |
| CVE-2024-11882 | FAQ And Answers – Create Frequently Asked Questions Area on WP Sites <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | bplugins | Awesome FAQ – Modern Accordion, Tabs,Responsive & Super Fast FAQ Builder. | Medium | 6.4 | 2024-12-12 05:24:19 | Deep Dive |
| CVE-2024-10959 | Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.5 - Unauthenticated Arbitrary Shortcode Execution via woot_get_smth | realmag777 | Active Products Tables for WooCommerce. Use constructor to create tables | High | 7.3 | 2024-12-10 11:09:12 | Deep Dive |
| CVE-2024-11276 | PDF Builder for WooCommerce. Create invoices,packing slips and more <= 1.2.136 - Reflected Cross-Site Scripting | edgarrojas | PDF Builder for WooCommerce. Create invoices,packing slips and more | Medium | 6.1 | 2024-12-06 08:24:54 | Deep Dive |
| CVE-2024-11201 | myCred – Loyalty Points and Rewards plugin <= 2.7.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_send Shortcode | saadiqbal | Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred | Medium | 6.4 | 2024-12-06 05:26:14 | Deep Dive |
| CVE-2024-11179 | MStore API <= 4.15.7 - Authenticated (Subscriber+) SQL Injection | inspireui | MStore API – Create Native Android & iOS Apps On The Cloud | Medium | 6.5 | 2024-11-20 09:31:55 | Deep Dive |
| CVE-2024-10861 | Popup Box – Create Countdown, Coupon, Video, Contact Form Popups <= 4.9.7 - Missing Authorization to Unauthenticated Limited Options Update | ays-pro | Popup Box – Create Countdown, Coupon, Video, Contact Form Popups | Medium | 5.3 | 2024-11-16 02:02:32 | Deep Dive |
| CVE-2024-10168 | Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via woot_button Shortcode | realmag777 | Active Products Tables for WooCommerce. Use constructor to create tables | Medium | 6.4 | 2024-11-06 11:32:02 | Deep Dive |
| CVE-2024-9302 | App Builder – Create Native Android & iOS Apps On The Flight <= 5.3.7 - Privilege Escalation and Account Takeover via Weak OTP | appcheap | App Builder – Create Native Android & iOS Apps On The Flight | High | 8.1 | 2024-10-25 06:51:24 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2020-36834 | Discount Rules for WooCommerce <= 2.0.2 - Missing Authorization | flycart | Discount Rules for WooCommerce | Medium | 6.3 | 2024-10-16 06:43:27 | Deep Dive |
| CVE-2024-8541 | Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons <= 2.6.5 - Reflected Cross-Site Scripting | flycart | Discount Rules for WooCommerce | Medium | 4.7 | 2024-10-16 02:05:01 | Deep Dive |