| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-8964 | Image Optimizer, Resizer and CDN – Sirv <= 7.2.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | sirv | Image Optimizer, Resizer and CDN – Sirv | Medium | 6.4 | 2024-10-08 07:32:28 | Deep Dive |
| CVE-2024-8480 | Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Upload | sirv | Image Optimizer, Resizer and CDN – Sirv | High | 8.8 | 2024-09-06 03:30:40 | Deep Dive |
| CVE-2024-6392 | Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Authenticated(Subscriber+) Missing Authorization to Plugin Settings Update | sirv | Image Optimizer, Resizer and CDN – Sirv | Medium | 5.4 | 2024-07-11 21:31:34 | Deep Dive |
| CVE-2024-6556 | SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.8 - Unauthenticated Full Path Disclosure | wpmudev | SmartCrawl SEO checker, analyzer & optimizer | Medium | 5.3 | 2024-07-10 08:32:17 | Deep Dive |
| CVE-2024-5853 | Image Optimizer, Resizer and CDN – Sirv <= 7.2.6 - Authenticated (Contributor+) Arbitrary File Upload | sirv | Image Optimizer, Resizer and CDN – Sirv | Critical | 9.9 | 2024-06-19 05:37:45 | Deep Dive |
| CVE-2024-4608 | SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | artbees | SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster | Medium | 6.4 | 2024-06-06 03:32:53 | Deep Dive |
| CVE-2024-4445 | WP Compress – Image Optimizer [All-In-One] <= 6.20.01 - Missing Authorization | aresit | WP Compress – Instant Performance & Speed Optimization | Medium | 6.5 | 2024-05-14 05:33:00 | Deep Dive |
| CVE-2023-6812 | WP Compress – Image Optimizer [All-In-One] <= 6.20.01 - Open Redirect via css | aresit | WP Compress – Instant Performance & Speed Optimization | Medium | 4.3 | 2024-05-14 02:01:29 | Deep Dive |
| CVE-2024-3287 | SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.2 - Missing Authorization | wpmudev | SmartCrawl SEO checker, analyzer & optimizer | Medium | 5.3 | 2024-05-02 16:52:27 | Deep Dive |
| CVE-2024-32532 | WordPress Speed Optimizer plugin <= 7.4.6 - Broken Access Control vulnerability | SiteGround | Speed Optimizer | Medium | 5.3 | 2024-04-17 07:13:52 | Deep Dive |
| CVE-2024-32106 | WordPress WP Compress plugin <= 6.10.35 - Cross Site Request Forgery (CSRF) vulnerability | WP Compress | WP Compress – Image Optimizer [All-In-One] | Medium | 4.3 | 2024-04-11 13:00:38 | Deep Dive |
| CVE-2024-31924 | WordPress EWWW Image Optimizer plugin <= 7.2.3 - Cross Site Request Forgery (CSRF) vulnerability | nosilver4u | EWWW Image Optimizer | Medium | 4.3 | 2024-04-10 13:02:03 | Deep Dive |
| CVE-2023-6385 | WordPress Ping Optimizer <= 2.35.1.3.0 - Log Clearing via CSRF | Unknown | WordPress Ping Optimizer | - | - | 2024-04-10 05:00:02 | Deep Dive |
| CVE-2024-1934 | WP Compress – Image Optimizer <= 6.11.08 - Missing Authorization to Unauthenticated CDN Modification | aresit | WP Compress – Instant Performance & Speed Optimization | High | 7.5 | 2024-04-09 18:59:06 | Deep Dive |
| CVE-2024-1976 | Marketing Optimizer <= 20200925 - Cross-Site Request Forgery to Stored Cross-Site Scripting | activeim | Marketing Optimizer | Medium | 4.3 | 2024-02-29 05:32:22 | Deep Dive |
| CVE-2023-6699 | WP Compress – Image Optimizer [All-In-One] <= 6.10.33 - Unauthenticated Directory Traversal via css | aresit | WP Compress – Instant Performance & Speed Optimization | Critical | 9.1 | 2024-01-11 06:49:34 | Deep Dive |
| CVE-2023-52216 | WordPress JS & CSS Script Optimizer Plugin <= 0.3.3 is vulnerable to Cross Site Request Forgery (CSRF) | Yevhen Kotelnytskyi | JS & CSS Script Optimizer | Medium | 4.3 | 2024-01-08 19:23:01 | Deep Dive |
| CVE-2023-5949 | SmartCrawl WordPress SEO checker < 3.8.3 - Unauthenticated Password Protected Post Disclosure | Unknown | SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer | 高危 | - | 2023-12-18 20:08:03 | Deep Dive |
| CVE-2023-40600 | WordPress EWWW Image Optimizer Plugin <= 7.2.0 is vulnerable to Sensitive Data Exposure | Exactly WWW | EWWW Image Optimizer | 中危 | - | 2023-11-30 15:00:09 | Deep Dive |