| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-8757 | Boost Your Blog's Engagement with WP Post Author <= 3.8.1 - Authenticated (Administrator+) SQL Injection | afthemes | WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars | High | 7.2 | 2024-10-12 09:39:19 | Deep Dive |
| CVE-2024-44051 | WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.5 - Cross Site Scripting (XSS) vulnerability | Johan van der Wijk | Content Blocks (Custom Post Widget) | Medium | 6.5 | 2024-09-17 22:19:17 | Deep Dive |
| CVE-2024-6544 | Custom Post Limits <= 4.4.1 - Unauthenticated Full Path Disclosure | coffee2code | Custom Post Limits | Medium | 5.3 | 2024-09-13 15:10:40 | Deep Dive |
| CVE-2024-43305 | WordPress Custom Layouts – Post + Product grids made easy plugin <= 1.4.11 - Cross Site Scripting (XSS) vulnerability | Code Amp | Custom Layouts – Post + Product grids made easy | Medium | 6.5 | 2024-08-18 14:23:41 | Deep Dive |
| CVE-2024-3564 | Content Blocks (Custom Post Widget) <= 3.3.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode | vanderwijk | Content Blocks (Custom Post Widget) | High | 8.8 | 2024-06-01 03:31:17 | Deep Dive |
| CVE-2024-3565 | Content Blocks (Custom Post Widget) <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_block Shortcode | vanderwijk | Content Blocks (Custom Post Widget) | Medium | 6.4 | 2024-06-01 03:31:17 | Deep Dive |
| CVE-2024-4546 | Custom Post Type Attachment <= 3.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via pdf_attachment Shortcode | avimegladon | Custom Post Type Attachment | Medium | 6.4 | 2024-05-16 07:32:43 | Deep Dive |
| CVE-2024-34430 | WordPress TT Custom Post Type Creator plugin <=1.0 - Cross Site Scripting (XSS) vulnerability | Rashed Latif | TT Custom Post Type Creator | Medium | 5.9 | 2024-05-09 11:12:10 | Deep Dive |
| CVE-2024-34566 | WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.0 - Cross Site Scripting (XSS) vulnerability | Johan van der Wijk | Content Blocks (Custom Post Widget) | Medium | 6.5 | 2024-05-08 10:55:00 | Deep Dive |
| CVE-2024-0908 | Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page <= 1.13.4 - Missing Authorization to Information Disclosure | bplugins | Advanced Post Block – Showcase Posts with Grid, List, Card Layouts and Filters | Medium | 5.3 | 2024-05-02 16:52:24 | Deep Dive |
| CVE-2023-6993 | Custom post types, Custom Fields & more <= 5.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | totalpressorg | Custom post types, Custom Fields & more | Medium | 6.4 | 2024-04-09 18:58:40 | Deep Dive |
| CVE-2024-27196 | WordPress postMash – custom post order plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability | Joel Starnes | postMash – custom post order | High | 7.1 | 2024-03-15 12:47:13 | Deep Dive |
| CVE-2024-25927 | WordPress postMash – custom post order Plugin <= 1.2.0 is vulnerable to SQL Injection | Joel Starnes | postMash – custom post order | Critical | 9.3 | 2024-02-28 12:47:35 | Deep Dive |
| CVE-2023-51493 | WordPress Custom Post Carousels with Owl Plugin <= 1.4.6 is vulnerable to Cross Site Scripting (XSS) | Howard Ehrenberg | Custom Post Carousels with Owl | Medium | 6.5 | 2024-02-10 08:20:28 | Deep Dive |
| CVE-2023-6996 | Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Authenticated (Contributor+) Code Injection | josevega | Display custom fields in the frontend – Post and User Profile Fields | High | 8.8 | 2024-02-05 21:22:03 | Deep Dive |
| CVE-2023-6982 | Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via vg_display_data | josevega | Display custom fields in the frontend – Post and User Profile Fields | Medium | 6.4 | 2024-02-05 21:21:39 | Deep Dive |
| CVE-2023-6983 | Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Meta Disclosure | josevega | Display custom fields in the frontend – Post and User Profile Fields | Medium | 4.3 | 2024-02-05 21:21:32 | Deep Dive |
| CVE-2023-22674 | WordPress Dashicons + Custom Post Types Plugin <= 1.0.2 is vulnerable to Broken Access Control | Hal Gatewood | Dashicons + Custom Post Types | Medium | 5.4 | 2023-12-21 14:18:07 | Deep Dive |
| CVE-2023-50372 | WordPress Custom Post Type Page Template Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) | Hiroaki Miyashita | Custom Post Type Page Template | Medium | 4.3 | 2023-12-18 10:15:29 | Deep Dive |