| CVE-2024-51634 | WordPress Webriti Custom Login plugin <= 0.3 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability | a.ankit | Webriti Custom Login | High | 7.1 | 2024-11-19 16:32:30 | Deep Dive |
| CVE-2024-8959 | WP Adminify – Best WordPress Custom Dashboard Plugin <= 4.0.1.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | litonice13 | WP Adminify – White Label WordPress, Admin Menu Editor, Login Customizer | Medium | 6.4 | 2024-10-24 11:34:09 | Deep Dive |
| CVE-2024-49246 | WordPress Ajax Rating with Custom Login plugin <= 1.1 - SQL Injection vulnerability | anand23 | Ajax Rating with Custom Login | - | - | 2024-10-17 17:31:28 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-8665 | YITH Custom Login <= 1.7.3 - Reflected Cross-Site Scripting | yithemes | YITH Custom Login | Medium | 6.1 | 2024-09-13 06:47:26 | Deep Dive |
| CVE-2024-6554 | Branda – White Label WordPress, Custom Login Page Customizer <= 3.4.18 - Unauthenticated Full Path Disclosure | wpmudev | Branda – White Label & Branding, Free Login Page Customizer | Medium | 5.3 | 2024-07-11 03:33:19 | Deep Dive |
| CVE-2024-5191 | Branda – White Label WordPress, Custom Login Page Customizer <= 3.4.17 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload | wpmudev | Branda – White Label & Branding, Free Login Page Customizer | Medium | 6.4 | 2024-06-21 06:58:19 | Deep Dive |
| CVE-2024-35732 | WordPress YITH Custom Login plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability | YITHEMES | YITH Custom Login | Medium | 5.9 | 2024-06-08 12:52:23 | Deep Dive |
| CVE-2024-4958 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | High | 7.1 | 2024-06-01 07:35:57 | Deep Dive |
| CVE-2024-2417 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | High | 8.8 | 2024-05-02 16:52:42 | Deep Dive |
| CVE-2024-3295 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media Deletion | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.5 | 2024-05-02 16:52:21 | Deep Dive |
| CVE-2024-1991 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.0.0 - Authenticated (Subscriber+) Privilege Escalation | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | High | 8.8 | 2024-04-09 18:58:59 | Deep Dive |
| CVE-2024-1990 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.1.0 - Authenticated (Contributor+) SQL Injection via Shortcode | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | High | 8.8 | 2024-04-09 18:58:52 | Deep Dive |
| CVE-2024-1720 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.4 - Unauthenticated Stored Self-Based Cross-Site Scripting | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 4.7 | 2024-03-07 05:32:39 | Deep Dive |
| CVE-2023-51509 | WordPress RegistrationMagic Plugin <= 5.2.4.1 is vulnerable to Cross Site Scripting (XSS) | Metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | High | 7.1 | 2024-02-01 11:24:54 | Deep Dive |
| CVE-2022-40700 | Server Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins | Montonio | Montonio for WooCommerce | High | 8.2 | 2024-01-19 14:30:11 | Deep Dive |
| CVE-2022-42884 | WordPress WIP Custom Login Plugin <= 1.2.7 is vulnerable to Broken Access Control | ThemeinProgress | WIP Custom Login | Medium | 5.4 | 2024-01-17 18:17:27 | Deep Dive |
| CVE-2023-52128 | WordPress White Label Plugin <= 2.9.0 is vulnerable to Cross Site Request Forgery (CSRF) | WhiteWP | White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard | Medium | 4.3 | 2024-01-05 08:49:17 | Deep Dive |
| CVE-2023-50846 | WordPress RegistrationMagic Plugin <= 5.2.4.5 is vulnerable to SQL Injection | RegistrationMagic | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | High | 7.6 | 2023-12-28 18:19:26 | Deep Dive |
| CVE-2023-47645 | WordPress RegistrationMagic Plugin <= 5.2.2.6 is vulnerable to Cross Site Request Forgery (CSRF) | RegistrationMagic | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | Medium | 4.3 | 2023-11-30 13:34:47 | Deep Dive |