| CVE-2020-36745 | WP Project Manager <= 2.4.0 - Cross-Site Request Forgery Bypass | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 4.3 | 2023-07-01 04:26:52 | Deep Dive |
| CVE-2023-3315 | Jenkins Plugin Team Concert 安全漏洞 | Jenkins Project | Jenkins Team Concert Plugin | 中危 | - | 2023-06-19 20:10:21 | Deep Dive |
| CVE-2022-47164 | WordPress Event Manager for WooCommerce Plugin <= 3.7.7 is vulnerable to Cross Site Request Forgery (CSRF) | MagePeople Team | Event Manager and Tickets Selling Plugin for WooCommerce | Medium | 4.3 | 2023-05-25 08:27:25 | Deep Dive |
| CVE-2022-46822 | WordPress WooCommerce JazzCash Gateway Plugin Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) | JC Development Team | WooCommerce JazzCash Gateway Plugin | High | 7.1 | 2023-05-09 11:12:09 | Deep Dive |
| CVE-2023-23977 | WordPress Heateor Social Comments Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS) | Team Heateor | WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments | Medium | 6.5 | 2023-04-04 12:56:36 | Deep Dive |
| CVE-2022-47444 | WordPress ProfilePress Plugin <= 4.4.1 is vulnerable to Cross Site Scripting (XSS) | ProfilePress Membership Team | Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | High | 7.1 | 2023-03-29 12:35:45 | Deep Dive |
| CVE-2023-28422 | WordPress Event Manager for WooCommerce Plugin <= 3.8.6 is vulnerable to Cross Site Scripting (XSS) | MagePeople Team | Event Manager and Tickets Selling Plugin for WooCommerce | Medium | 5.9 | 2023-03-23 11:45:08 | Deep Dive |
| CVE-2022-44737 | WordPress All In One WP Security plugin <= 5.1.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities | All In One WP Security & Firewall Team | All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) | Medium | 5.4 | 2022-11-22 16:00:11 | Deep Dive |
| CVE-2022-43492 | WordPress Comments – wpDiscuz plugin 7.4.2 - Auth. Insecure Direct Object References (IDOR) vulnerability | gVectors Team | Comments – wpDiscuz (WordPress plugin) | Medium | 4.3 | 2022-11-18 22:08:14 | Deep Dive |
| CVE-2022-40192 | WordPress wpForo Forum plugin <= 2.0.9 - Cross-Site Request Forgery (CSRF) vulnerability | gVectors Team | wpForo Forum (WordPress plugin) | High | 7.1 | 2022-11-17 22:14:27 | Deep Dive |
| CVE-2022-40200 | WordPress wpForo Forum plugin <= 2.0.9 - Auth. Arbitrary File Upload vulnerability | gVectors Team | wpForo Forum (WordPress plugin) | Critical | 9.9 | 2022-11-17 22:01:00 | Deep Dive |
| CVE-2022-40206 | WordPress wpForo Forum plugin <= 2.0.5 - Insecure direct object references (IDOR) vulnerability | gVectors Team | wpForo Forum (WordPress plugin) | Medium | 6.3 | 2022-11-08 18:31:21 | Deep Dive |
| CVE-2022-27858 | WordPress Activity Log plugin <= 2.8.3 - CSV Injection vulnerability | Activity Log Team | Activity Log (WordPress plugin) | High | 7.4 | 2022-11-08 18:29:27 | Deep Dive |
| CVE-2022-40205 | WordPress wpForo Forum plugin <= 2.0.5 - Insecure direct object references (IDOR) vulnerability | gVectors Team | wpForo Forum (WordPress plugin) | Medium | 5.4 | 2022-11-08 18:26:59 | Deep Dive |
| CVE-2022-40632 | WordPress wpForo Forum plugin <= 2.0.5 - Cross-Site Request Forgery (CSRF) vulnerability | gVectors Team | wpForo Forum (WordPress plugin) | Medium | 5.4 | 2022-11-08 18:23:19 | Deep Dive |
| CVE-2022-36340 | WordPress MailOptin plugin <= 1.2.49.0 - Unauthenticated Optin Campaign Cache Deletion vulnerability | MailOptin Popup Builder Team | MailOptin (WordPress plugin) | Medium | 6.5 | 2022-09-23 18:31:51 | Deep Dive |
| CVE-2022-37339 | WordPress Meet My Team plugin <= 2.0.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | Fullworks | Meet My Team (WordPress plugin) | Medium | 4.1 | 2022-09-23 13:39:11 | Deep Dive |
| CVE-2022-38073 | WordPress Awesome Support plugin <= 6.0.7 - Multiple Authenticated Persistent XSS (Additional Interested Parties) | Awesome Support Team | Awesome Support (WordPress plugin) | Medium | 5.4 | 2022-09-21 19:07:43 | Deep Dive |
| CVE-2022-38093 | WordPress All in One SEO plugin <= 4.2.3.1 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities | All in One SEO Team | All in One SEO (WordPress plugin) | Medium | 5.4 | 2022-09-09 14:39:54 | Deep Dive |
| CVE-2022-38144 | WordPress wpForo Forum plugin <= 2.0.5 - Cross-Site Request Forgery (CSRF) vulnerability | gVectors Team | wpForo Forum (WordPress plugin) | 高危 | - | 2022-09-09 14:39:54 | Deep Dive |